A SEALANT for Inter-App Security Holes in Android

Lee, Youn Kyu; Bang, Jae Young; Safi, Gholamreza; Shahbazian, Arman; Zhao, Yixue; Medvidović, Nenad

doi:10.1109/icse.2017.36

Cited by 44 publications

(35 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use mobile app security techniques-IccTA [17], SEALANT [16], and APKCombiner [18]-to demonstrate how developers and researchers can benefit from MAO-MAO and MR. We choose security because it has attracted the greatest attention among researchers in the mobile domain.…”

Section: Maomao's Envisioned Adoptionmentioning

confidence: 99%

“…INTRODUCTION Over the past decade, mobile computing devices have become dominant [1] and this trend is bound to continue into the foreseeable future. New technologies invariably bring challenges that require researchers' attention, such as the problems in the mobile domain that affect mobile app performance [2]- [8], energy use [9]- [15], and security [16]- [22].…”

mentioning

confidence: 99%

“…We have found that the research in the mobile app domain is still at a relatively early stage, and that there is a pronounced gap between research and practice. The majority of existing work still focuses on identifying problems, such as detecting performance bugs [3], [4], security vulnerabilities [16], [17], and energy hotspots [9], [15], while techniques for solving them are invariably left to future work.…”

mentioning

confidence: 99%

See 2 more Smart Citations

A Microservice Architecture for Online Mobile App Optimization

Zhao

Medvidović

2019

2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft)

Self Cite

View full text Add to dashboard Cite

A large number of techniques for analyzing and optimizing mobile apps have emerged in the past decade. However, those techniques' components are notoriously difficult to extract and reuse outside their original tools. This paper introduces MAOMAO, a microservice-based reference architecture for reusing and integrating such components. MAOMAO's twin goals are (1) adoption of available app optimization techniques in practice and (2) improved construction and evaluation of new techniques. The paper uses several existing app optimization techniques to illustrate both the motivation behind MAOMAO and its potential to fundamentally alter the landscape in this area.

show abstract

Section: Maomao's Envisioned Adoptionmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

A Microservice Architecture for Online Mobile App Optimization

Zhao

Medvidović

2019

2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In an Android platform, the intent mechanism is used for the ICC. 20 Applications can send intents directly to specific components, eg, Activity or Service, or broadcast them to all running applications. Indeed, intents support the communication between components.…”

Section: Android Overviewmentioning

confidence: 99%

“…In fact, the visible part of the application is Activity. ‐Service: It is a component of the Android application that is designed for the processes in the background. ‐Broadcast Receiver: This type of component receives messages from other applications and other components. ‐Content Provider: It is a component that is designed to share data between applications. The components of Activity, Service, and Broadcast Receiver can interact with each other through the intent. In an Android platform, the intent mechanism is used for the ICC . Applications can send intents directly to specific components, eg, Activity or Service, or broadcast them to all running applications.…”

Section: Introductionmentioning

confidence: 99%

VAnDroid: A framework for vulnerability analysis of Android applications using a model‐driven reverse engineering technique

2018

View full text Add to dashboard Cite

Summary Android is extensively used worldwide by mobile application developers. Android provides applications with a message passing system to communicate within and between them. Due to the risks associated with this system, it is vital to detect its unsafe operations and potential vulnerabilities. To achieve this goal, a new framework, called VAnDroid, based on Model Driven Reverse Engineering (MDRE), is presented that identifies security risks and vulnerabilities related to the Android application communication model. In the proposed framework, some security‐related information included in an Android app is automatically extracted and represented as a domain‐specific model. Then, it is used for analyzing security configurations and identifying vulnerabilities in the corresponding application. The proposed framework is implemented as an Eclipse‐based tool, which automatically identifies the Intent Spoofing and Unauthorized Intent Receipt as two attacks related to the Android application communication model. To evaluate the tool, it has been applied to several real‐world Android applications, including 20 apps from Google Play and 110 apps from the F‐Droid repository. VAnDroid is also compared with several existing analysis tools, and it is shown that it has a number of key advantages over those tools specifically regarding its high correctness, scalability, and usability in discovering vulnerabilities. The results well indicate the effectiveness and capacity of the VAnDroid as a promising approach in the field of Android security.

show abstract