Analyzing inter-application communication in Android

MobiSys'11 - Compilation Proceedings of the 9th International Conference on Mobile Systems, Applications and Services and Co-located Workshops

Volumn , Issue , 2011, Pages 239-252

  Chin, Erika ^a   Felt, Adrienne Porter ^a   Greenwood, Kate ^a   Wagner, David ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Android; intents; message passing; mobile phone security

Indexed keywords

ANDROID; APPLICATION COMPONENTS; APPLICATION SECURITY; COMPONENT REUSE; END USERS; INTENTS; INTER-APPLICATION COMMUNICATIONS; MESSAGE PASSING SYSTEMS; OPEN API; SECURITY RISKS; SMART PHONES; USER DATA; USER PRIVACY;

MESSAGE PASSING; ROBOTS; TELECOMMUNICATION EQUIPMENT;

APPLICATION PROGRAMMING INTERFACES (API);

EID: 79961035117     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1999995.2000018     Document Type: Conference Paper

References (28)

1. Android Market. http://www.android.com/market/.
2. Android permissions. http://android.git.kernel.org/?p=platform/ frameworks/base.git;a=blob;f=core/res/AndroidManifest.xml.
3. iPhone App Store. http://www.apple.com/iphone/apps-for-iphone/.
4. MobiStealth. http://www.mobistealth.com/.
5. Appventive. ICE: In case of emergency. http://www.appventive.com/ice.
6. A. Barth, C. Jackson, and J. C. Mitchell. Robust defenses for cross-site request forgery. In Proc. of the 15th ACM Conference on Computer and Communications Security (CCS 2008), 2008.
7. J. Burns. Mobile application security on Android. Blackhat, 2009.
8. B. Chess and G. McGraw. Static analysis for security. Security & Privacy, IEEE, 2(6):76-79, 2004. (Pubitemid 40010916)
9. W. Cheswick, S. Bellovin, and A. Rubin. Firewalls and Internet security: repelling the wily hacker. Addison-Wesley Longman Publishing Co., Inc. Boston, MA, USA, 2003.
10. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazieres, F. Kaashoek, and R. Morris. Labels and event processes in the Asbestos operating system. In Proc. of the 20th ACM Symposium on Operating Systems Principles, pages 17-30. ACM, 2005.
11. W. Enck, P. Gilbert, B.-g. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An information-flow tracking system for realtime privacymonitoring on smartphones. In Proc. of the USENIXSymposium on Operating Systems Design andImplementation (OSDI), Vancouver, October 2010.
12. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri.A Study of Android Application Security. In Proc. ofthe 20th USENIX Security Symposium, August 2011.
13. W. Enck, M. Ongtang, and P. McDaniel. Onlightweight mobile phone application certification. In Proc. of the 16th ACM Conference on Computer andCommunications Security (CCS), November 2009.
14. W. Enck, M. Ongtang, and P. McDaniel.Understanding Android security. IEEE Security andPrivacy, 7(1):50-57, 2009.
15. A. P. Fuchs, A. Chaudhuri, and J. S. Foster.SCanDroid: Automated security certification of Android applications. Technical report, University of Maryland, 2009.
16. M. Howard, J. Pincus, and J. Wing. Measuring relative attack surfaces. Computer Security in the 21st Century, pages 109-137, 2005.
17. IMDb. IMDb Movies & TV. http://www.androlib.com/android.application. com-imdb-mobile-jzEzw.aspx.
18. N. Jovanovic, E. Kirda, and C. Kruegel. Preventing cross site request forgery attacks. In Securecomm and Workshops, 2006, pages 1-10. IEEE, 2006.
19. M. Krohn, A. Yip, M. Brodsky, N. Cliffer, M. Kaashoek, E. Kohler, and R. Morris. Informationflow control for standard OS abstractions. In Proc. of 21st ACM SIGOPS Symposium on Operating Systems Principles, pages 321-334. ACM, 2007.
20. H. Lee. Nationwide bus. http://www.androlib.com/android.application.net- hyeongkyu-android-incheonbus-Eqwq.aspx.
21. V. B. Livshits and M. S. Lam. Finding security vulnerabilities in Java applications with static analysis. In Proc. of the 14th Conference on USENIX Security Symposium, pages 18-18. USENIX Association, 2005.
22. P. Manadhata, J. Wing, M. Flynn, and M. McQueen. Measuring the attack surfaces of two FTP daemons. In Proc. of the 2nd ACM Workshop on Quality of Protection, pages 3-10. ACM, 2006.
23. A. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology (TOSEM), 9(4):410-442, 2000.
24. G. Paller. Dedexer. http://dedexer.sourceforge.net/.
25. M. A. Troy Vennon. Android malware: Spyware in the Android Market. Technical report, SMobile Systems, March 2010.
26. T. Vennon. Android malware: A study of known and potential malware threats. Technical report, SMobile Systems, February 2010.
27. D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, pages 3-17, 2000.
28. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In Proc. of the 7th Symposium on Operating Systems Design and Implementation, pages 263-278. USENIX Association, 2006.