Security in Android ICC

Patrick Frischknecht. Security in Android ICC. Bachelor’s thesis, University of Bern, June 2018. Details.


Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerability in Android apps. To promote secure programming practices, we have reviewed related research, and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the integrated development environment (IDE) about the presence of such security smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of these apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities.

Posted by scg at 25 June 2018, 12:15 pm link


Hello. 你好。可以问一件事情吗?因为对你们很有感兴趣

Posted by Tiara Nowland at 7 July 2018, 10:52 am link
Last changed by admin on 21 April 2009