ÌǹûÅɶÔ

Privacy is increasingly concerning, with multiple organizations relying on users' data and preferences. It is well-acknowledged that Android apps store a plentitude of privacy-sensitive data, and numerous studies have demonstrated the inefficacy of the Android operating system (OS) in protecting this sensitive data. Multiple approaches [7,8, 10, 11] leveraged static analysis-based techniques for the information flow analysis in Android apps. However, these approaches suffered in analyzing Android apps' dynamic properties (e.g., intents). This research line aims to devise frameworks to combat information security issues and vulnerabilities in Android apps. The following is a subset of the research output from the lab:

Information Flow Analysis of Android Hybrid Apps [1, 2, 3]

Hybrid Android apps integrate native components written in Java/Kotlin with web components like HTML and JavaScript into a single mobile application. Hybrid apps facilitate an active communication bridge between the native app’s code and the JavaScript on the web; enclosed JavaScript can access the app’s native side functionality via the communication bridge. Tracking information flows across language borders in hybrid apps becomes complex [6, 9], where sensitive data can flow from Java to JavaScript (and vice versa) via the shared bridge. These works propose static/dynamic analysis-guided frameworks for information flow analysis in Hybrid apps. Furthermore, to improve the security and accuracy of information flows in hybrid Android apps, formal analysis techniques can be employed. These methods involve developing formal models that capture interactions between native and web components, ensuring that sensitive data does not leak across the Java-JavaScript bridge.

Addressing Security Flaws of Inter/Intra-app Android Communication [4, 5]

Intents facilitate Android’s inter-component communication. The major challenge in identifying information flows through intents is identifying which information flows from one component to another. Leveraging static analysis is non-trivial because the receiver and the intent data may be unknown at analysis time, being strings that might be composed at runtime. [4] proposes a modular pre-analysis approach for intent communication, particularly for analyzing inter-app communication, based on summaries for all app components containing intent senders, receivers, and the exact intent characteristics. Besides, based on these summaries, a novel algorithm is proposed to match intent senders with intent receivers and to detect flow through more than two components via a lightweight fixed-point iteration. Formal methods can be applied to verify the security of inter and intra-app communication in Android. This includes creating formal specifications for intent-based communication and using model checking to ensure that intents are securely handled, preventing unauthorized data access.

PendingIntents are a powerful and universal feature of Android for inter-component communication. However, insecure use of these intents results in severe security threats in the form of denial-of-service, identity theft, and privilege escalation attacks. [5] proposed a static analysis-guided framework (PIAnalyzer) to detect PendingIntent-related vulnerability. PIAnalyzer detected 70 PendingIntent vulnerabilities leading up to the execution of critical operations from unprivileged applications. Formal Analysis of PendingIntent Vulnerabilities: The security assessed PendingIntents can be formally specified to identify potential vulnerabilities and verified to ensure that PendingIntents are used securely, preventing attacks, i.e., denial-of-service and privilege escalation, etc.

References

[1] Tiwari, A., Prakash, J., and Hammer, C. Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps. In 34th International Symposium of Software Reliability Engineering (ISSRE 2023).
[2] Tiwari, A., Prakash, J., Rahimov, A., and Hammer, C. Understanding the Impact of Fingerprinting in Android Hybrid Apps. International Conference on Mobile Software Engineering and Systems 2023, co-located with ICSE 2023.
[3] Tiwari, A., Prakash, J., Groß, S., and Hammer, C. A Large Scale Analysis of Android - Web Hybridization. In Journal of Systems and Software. https://doi.org/10.1016/j.jss.2020.110775
[4] Tiwari, A., Gross, S., and Hammer, C. IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications. In S. Chen et al. (Eds.): Security and Privacy in Communication Networks, Springer LNICST 305, pp. 335-349, 2019.
[5] Gross, S., Tiwari, A., and Hammer, C. PIAnalyzer: A Precise Approach to PendingIntent vulnerability analysis. In Computer Security ESORICS 2018, pp 41-59, Springer LNCS 11099.