PIAnalyzer
- In this work we propose PIAnalyzer, a novel approach to analyze PendingIntent-related vulnerabilities. We empirically evaluate PIAnalyzer on a set of 1000 randomly selected applications from the Google Play Store and find 1358 insecure usages of PendingIntents, including 70 severe vulnerabilities. We manually inspected ten reported vulnerabilities, of which nine were correctly reported vulnerabilities, indicating a high precision. The evaluation shows that PIAnalyzer is efficient, with an average execution time of 13 seconds per application.
Author details: | Sascha Gross, Abhishek Tiwari, Christian Hammer |
---|---|
DOI: | https://doi.org/10.1007/978-3-319-98989-1_3 |
ISBN: | 978-3-319-98989-1 |
ISBN: | 978-3-319-98988-4 |
ISSN: | 0302-9743 |
ISSN: | 1611-3349 |
Title of parent work (English): | Computer Security (ESORICS 2018), PT II |
Subtitle (English): | a precise approach for PendingIntent vulnerability analysis |
Publisher: | Springer |
Place of publishing: | Cham |
Publication type: | Other |
Language: | English |
Date of first publication: | 2018/08/07 |
Publication year: | 2018 |
Release date: | 2022/02/24 |
Tag: | Android; Information flow control; Intent analysis; Static analysis |
Volume: | 11099 |
Number of pages: | 19 |
First page: | 41 |
Last page: | 59 |
Funding institution: | German Federal Ministry of Education and Research (BMBF) [16KIS0760] |
Organizational units: | Digital Engineering Fakultät / Hasso-Plattner-Institut für Digital Engineering GmbH |
DDC classification: | 0 Computer science, information science, general works / 00 Computer science, knowledge, systems / 000 Computer science, information science, general works |
Peer review: | Refereed |