• DocumentCode
    1799769
  • Title

    Automatically Exploiting Potential Component Leaks in Android Applications

  • Author

    Li Li ; Bartel, Alexandre ; Klein, John ; Le Traon, Yves

  • Author_Institution
    Univ. of Luxembourg - SnT, Luxembourg, Luxembourg
  • fYear
    2014
  • fDate
    24-26 Sept. 2014
  • Firstpage
    388
  • Lastpage
    397
  • Abstract
    We present PCLeaks, a tool based on inter-component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks on 2000 apps randomly selected from the Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks.
  • Keywords
    Android (operating system); data flow analysis; invasive software; smart phones; Android applications; Google Play store; ICC vulnerabilities; PCLeaks tool; PCLeaksValidator; automatic potential-component leak exploitation; data-flow analysis; intercomponent communication vulnerabilities; Androids; Humanoid robots; Malware; Mobile communication; Receivers; Smart phones;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on
  • Conference_Location
    Beijing
  • Type

    conf

  • DOI
    10.1109/TrustCom.2014.50
  • Filename
    7011274
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1799769