Detecting vulnerabilities of broadcast receivers in Android applications

Date

2016-01-01

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

As being a representative mobile operating system in the world, Android OS has been part of users' daily life. Unfortunately, the rapid expansion of Android third-markets introduces malware aiming at Android applications at an alarming rate, which poses great threats to its users. Current research about the privacy leakage in Android mostly focuses on Activity, Service and Content Providers. Little attention has been paid to the vulnerability of Broadcast Receiver, which is expected to assist inter-component collaboration and facilitate component reutilization. In this thesis, we first present a detailed analysis on vulnerabilities of Broadcast Receiver. Then, we design and develop a Broadcast Receiver Vulnerability Detection (BRVD) system that examines such vulnerabilities, using a combination of semantic analysis and taint analysis. Furthermore, we perform experimental evaluation by analyzing 55 applications from Android third-markets using the proposed system; and 132 registered receivers are found with 11 vulnerable receivers being verified.

Description

Keywords

Android, Broadcast receiver, Taint analysis, Semantic analysis, Vulnerability

Citation