Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Softw 2020
DOI: 10.1145/3368089.3409745

Borrowing your enemy’s arrows: the case of code reuse in Android via direct inter-app code invocation

Abstract: The Android ecosystem offers different facilities to enable communication among app components and across apps to ensure that rich services can be composed through functionality reuse. At the heart of this system is the Inter-component communication (ICC) scheme, which has been largely studied in the literature. Less known in the community is another powerful mechanism that allows for direct inter-app code invocation which opens up for different reuse scenarios, both legitimate or malicious. This paper exposes…

Citations: cited by 10 publications (4 citation statements)
References: 52 publications

“…Ideally, mobile apps should be intensively analyzed to check their security and privacy requirements conformance. However, when performed statically, app analysis is often time-consuming, may produce many false positives, and will not identify all problems that occur at runtime [26,42]. On the other hand, dynamic analysis does not scale and often cannot cover the whole codebase [19,34,45].…”
Section: Introduction (mentioning)
confidence: 99%
“…Less known in the community is another powerful mechanism that allows for direct inter-app code invocation which opens up for different reuse scenarios, both legitimate or malicious. In a FSE 2020 paper [12], we exposed the general workflow for this mechanism, which beyond ICCs, enables app developers to access and invoke functionalities (either entire Java classes, methods or object fields) implemented in other apps using official Android APIs. We experimentally showcased how this reuse mechanism can be leveraged to "plagiarize" supposedly protected functionalities.…”
Section: Other Static Analyses Performed On Android Apps (mentioning)
confidence: 99%
“…Researchers have spent tremendous efforts in analyzing and improving Android apps and their running framework systems, as well as the overall Android ecosystem [3,12,13]. They have attempted to detect security issues of Android apps [14][15][16], dissect malicious behaviors of Android malware [7,17], characterize compatibility issues of Android apps [18][19][20][21], improve code qualities of Android apps [22,23], mitigate energy concerns of Android apps [24,25], etc.…”
Section: Related Work (mentioning)
confidence: 99%