A comprehensive framework for inter-app ICC security analysis of Android apps

Automated Software Engineering

Abstract

The Inter-Component Communication (ICC) model in Android enables the sharing of data and services among app components. However, it has been associated with several problems, including complexity, support for unconstrained communication, and difficulties for developers to understand. These issues have led to numerous security vulnerabilities in Android ICC. While existing research has focused on specific subsets of these vulnerabilities, it lacks comprehensive and scalable modeling of app specifications and interactions, which limits the precision of analysis. To tackle these problems, we introduce VAnDroid3, a Model-Driven Reverse Engineering (MDRE) framework. VAnDroid3 utilizes purposeful model-based representations to enhance the comprehension of apps and their interactions. We have made significant extensions to our previous work, which include the identification of six prominent ICC vulnerabilities and the consideration of both Intent and Data sharing mechanisms that facilitate ICCs. By employing MDRE techniques to create more efficient and accurate domain-specific models from apps, VAnDroid3 enables the analysis of ICC vulnerabilities on intra- and inter-app communication levels. We have implemented VAnDroid3 as an Eclipse-based tool and conducted extensive experiments to evaluate its correctness, scalability, and run-time performance. Additionally, we compared VAnDroid3 with state-of-the-art tools. The results substantiate VAnDroid3 as a promising framework for revealing Android inter-app ICC security issues.



Notes

  1. https://mdse.ui.ac.ir/vandroid3/.

  2. https://github.com/soot-oss.

  3. https://researcher.watson.ibm.com/researcher/view_page.php?id=7238.

  4. https://github.com/javapathfinder/jpf-core/wiki.

  5. https://mdse.ui.ac.ir/vandroid3/.

References

  • Allix, K., Bissyandé, T.F., Klein, J., Le Traon, Y.: AndroZoo: Collecting millions of Android apps for the research community. In: Proceedings of the 13th International Conference on Mining Software Repositories, pp. 468–471 (2016)

  • Android Developers: Android API reference. [Online]. Available: https://developer.android.com/reference. Accessed 22 Aug 2022

  • Android Developers: Intents and intent filters. [Online]. Available: https://developer.android.com/guide/components/intents-filters. Accessed Aug 2022

  • Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Not. 49(6), 259–269 (2014). https://doi.org/10.1145/2666356.2594299

  • Backes, M., Bugiel, S., Derr, E., McDaniel, P., Octeau, D., Weisgerber, S.: On demystifying the Android application framework: Re-visiting Android permission specification analysis. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 1101–1118 (2016)

  • Bagheri, H., Sadeghi, A., Garcia, J., Malek, S.: COVERT: Compositional analysis of Android inter-app permission leakage. IEEE Trans. Softw. Eng. 41(9), 866–886 (2015). https://doi.org/10.1109/TSE.2015.2419611

  • Bagheri, H., Sadeghi, A., Jabbarvand, R., Malek, S.: Practical, formal synthesis and automatic enforcement of security policies for Android. In: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 514–525. IEEE (2016)

  • Bagheri, H., Kang, E., Malek, S., Jackson, D.: A formal approach for detection of security flaws in the Android permission system. Formal Aspects Comput. 30, 525–544 (2018). https://doi.org/10.1007/s00165-017-0445-z

  • Bagheri, H., Wang, J., Aerts, J., Ghorbani, N., Malek, S.: Flair: efficient analysis of Android inter-component vulnerabilities in response to incremental changes. Empir. Softw. Eng. 26, 1–37 (2021). https://doi.org/10.1007/s10664-020-09932-6

  • Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice. Addison-Wesley Professional, Boston (2003)

  • Bondi, A.B.: Characteristics of scalability and their impact on performance. In: Proceedings of the 2nd International Workshop on Software and Performance, pp. 195–203 (2000)

  • Bosu, A., Liu, F., Yao, D., Wang, G.: Collusive data leak and more: large-scale threat analysis of inter-app communications. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 71–85 (2017)

  • Brambilla, M., Cabot, J., Wimmer, M.: Model-Driven Software Engineering in Practice. Morgan & Claypool Publishers, Colorado (2017)

  • Bruneliere, H.: Generic model-based approaches for software reverse engineering and comprehension. Doctoral dissertation, Nantes (2018)

  • Bruneliere, H., Cabot, J., Dupé, G., Madiot, F.: MoDisco: a model driven reverse engineering framework. Inf. Softw. Technol. 56(8), 1012–1032 (2014). https://doi.org/10.1016/j.infsof.2014.04.007

  • Castro, P.F., Aguirre, N., Pombo, C.L., Maibaum, T.S.E.: Categorical foundations for structured specifications in Z. Formal Aspects Comput. 27, 831–865 (2015). https://doi.org/10.1007/s00165-015-0336-0

  • Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252 (2011)

  • Demissie, B.F., Ceccato, M., Shar, L.K.: Security analysis of permission re-delegation vulnerabilities in Android apps. Empir. Softw. Eng. 25, 5084–5136 (2020). https://doi.org/10.1007/s10664-020-09879-8

  • Dilhara, M., Cai, H., Jenkins, J.: Automated detection and repair of incompatible uses of runtime permissions in Android apps. In: Proceedings of the 5th International Conference on Mobile Software Engineering and Systems, pp. 67–71 (2018)

  • Elish, K.O., Cai, H., Barton, D., Yao, D., Ryder, B.G.: Identifying mobile inter-app communication risks. IEEE Trans. Mob. Comput. 19(1), 90–102 (2018)

  • Elsabagh, M., Johnson, R., Stavrou, A., Zuo, C., Zhao, Q., Lin, Z.: FIRMSCOPE: Automatic uncovering of privilege-escalation vulnerabilities in pre-installed apps in Android firmware. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2379–2396 (2020)

  • Fuchs, A.P., Chaudhuri, A., Foster, J.S.: SCanDroid: Automated security certification of Android applications. Manuscript, University of Maryland, 2(3). http://www.cs.umd.edu/avik/projects/scandroidascaa (2009)

  • Gadient, P., Ghafari, M., Frischknecht, P., Nierstrasz, O.: Security code smells in Android ICC. Empir. Softw. Eng. 24(5), 3046–3076 (2019). https://doi.org/10.1007/s10664-019-0974

  • Gajrani, J., Tripathi, M., Laxmi, V., Somani, G., Zemmari, A., Gaur, M.S.: Vulvet: Vetting of vulnerabilities in Android apps to thwart exploitation. Digital Threats Res. Pract. 1(2), 1–25 (2020). https://doi.org/10.1145/3376121

  • Garg, S., Baliyan, N.: Android security assessment: a review, taxonomy and research gap study. Comput. Secur. 100, 102087 (2021). https://doi.org/10.1016/j.cose.2020.102087

  • GitHub: fgwei/ICC-Bench. [Online]. Available: https://github.com/fgwei/ICC-Bench. Accessed 22 Aug 2022

  • GitHub: Jadx: Dex to Java decompiler. [Online]. Available: https://github.com/skylot/jadx. Accessed 22 Aug 2022

  • GitHub: secure-software-engineering/DroidBench. [Online]. Available: https://github.com/secure-software-engineering/DroidBench. Accessed 22 Aug 2022

  • Gordon, M.I., Kim, D., Perkins, J.H., Gilham, L., Nguyen, N., Rinard, M.C.: Information flow analysis of Android applications in DroidSafe. In: NDSS, p. 110 (2015)

  • Grace, M.C., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock Android smartphones. In: NDSS, p. 19 (2012)

  • Hammad, M., Garcia, J., Malek, S.: Self-protection of Android systems from inter-component communication attacks. Ph.D. thesis, University of California, Irvine (2018)

  • Hammad, M., Bagheri, H., Malek, S.: DelDroid: an automated approach for determination and enforcement of least-privilege architecture in Android. J. Syst. Softw. 149, 83–100 (2019). https://doi.org/10.1016/j.jss.2018.11.049

  • Jenkins, J., Cai, H.: ICC-Inspect: Supporting runtime inspection of Android inter-component communications. In: Proceedings of the 5th International Conference on Mobile Software Engineering and Systems, pp. 80–83 (2018)

  • Jenkins, J., Cai, H.: Dissecting Android inter-component communications via interactive visual explorations. In: 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 519–523. IEEE (2017)

  • Jha, A.K., Lee, S., Lee, W.J.: Modeling and test case generation of inter-component communication in Android. In: 2015 2nd ACM International Conference on Mobile Software Engineering and Systems, pp. 113–116. IEEE (2015)

  • Jouault, F., Allilaire, F., Bézivin, J., Kurtev, I.: ATL: a model transformation tool. Sci. Comput. Program. 72(1–2), 31–39 (2008). https://doi.org/10.1016/j.scico.2007.08.002

  • Klein, J.: A journey through Android app analysis: Solutions and open challenges. In: Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems, pp. 1–6 (2021)

  • Klieber, W., Flynn, L., Bhosale, A., Jia, L., Bauer, L.: Android taint flow analysis for app sets. In: Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis, pp. 1–6 (2014)

  • Li, L., Bartel, A., Bissyandé, T.F., Klein, J., Le Traon, Y., Arzt, S., Rasthofer, S., Bodden, E., Octeau, D., McDaniel, P.: IccTA: Detecting inter-component privacy leaks in Android apps. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, pp. 280–291. IEEE (2015)

  • Li, L., Bissyandé, T.F., Papadakis, M., Rasthofer, S., Bartel, A., Octeau, D., Klein, J., Le Traon, Y.: Static analysis of Android apps: a systematic literature review. Inf. Softw. Technol. 88, 67–95 (2017). https://doi.org/10.1016/j.infsof.2017.04.001

  • Li, R., Diao, W., Li, Z., Yang, S., Li, S., Guo, S.: Android custom permissions demystified: a comprehensive security evaluation. IEEE Trans. Softw. Eng. 48(11), 4465–4484 (2021). https://doi.org/10.1109/TSE.2021.3119980

  • Lu, L., Li, Z., Wu, Z., Lee, W., Jiang, G.: CHEX: statically vetting Android apps for component hijacking vulnerabilities. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 229–240 (2012)

  • Nirumand, A., Zamani, B., Ladani, B.T.: A model-based approach for representing data sharing mechanism in Android applications. In: 2022 27th International Computer Conference, Computer Society of Iran (CSICC), pp. 1–7. IEEE (2022). https://doi.org/10.1109/CSICC55295.2022.9780518

  • Nirumand, A., Zamani, B., Tork Ladani, B.: ATL rules and OCL queries implemented in VAnDroid3. Technical Report, MDSE Research Group. [Online]. Available: https://mdse.ui.ac.ir/TR/UI-SE-MDSERG-2023-04.pdf. Accessed Aug 2023

  • Nirumand, A., Zamani, B., Tork Ladani, B.: Formal specification of Android ICC vulnerabilities using the Z language. Technical Report, MDSE Research Group. [Online]. Available: https://mdse.ui.ac.ir/TR/UI-SE-MDSERG-2023-03.pdf. Accessed Aug 2023

  • Nirumand, A., Zamani, B., Tork Ladani, B.: VAnDroid: a framework for vulnerability analysis of Android applications using a model-driven reverse engineering technique. Softw. Pract. Exp. 49(1), 70–99 (2019). https://doi.org/10.1002/spe.2643

  • Nirumand, A., Zamani, B., Tork-Ladani, B., Klein, J., Bissyandé, T.F.: A model-based framework for inter-app vulnerability analysis of Android applications. Softw. Pract. Exp. 53(4), 895–936 (2023). https://doi.org/10.1002/spe.3171

  • Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Le Traon, Y.: Effective inter-component communication mapping in Android: An essential step towards holistic security analysis. In: 22nd USENIX Security Symposium (USENIX Security 13), pp. 543–558 (2013)

  • Octeau, D., Luchaup, D., Dering, M., Jha, S., McDaniel, P.: Composite constant propagation: Application to Android inter-component communication analysis. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, vol. 1, pp. 77–88. IEEE (2015)

  • Octeau, D., Jha, S., Dering, M., McDaniel, P., Bartel, A., Li, L., Klein, J., Le Traon, Y.: Combining static analysis with probabilistic models to enable market-scale Android inter-component analysis. In: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 469–484 (2016)

  • Patil, M., Pramod, D.: AndRev: Reverse engineering tool to extract permissions of Android mobile apps for analysis. In: Computer Networks and Inventive Communication Technologies: Proceedings of Third ICCNCT 2020, pp. 1199–1207. Springer Singapore (2021). https://doi.org/10.1007/978-981-15-9647-6_95

  • Pauck, F., Bodden, E., Wehrheim, H.: Do Android taint analysis tools keep their promises? In: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 331–341 (2018). https://doi.org/10.1145/3276993

  • Pressman, R.S.: Software Engineering: A Practitioner’s Approach. Palgrave Macmillan, London (2005)

  • Qiu, L., Wang, Y., Rubin, J.: Analyzing the analyzers: FlowDroid/IccTA, AmanDroid, and DroidSafe. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 176–186 (2018)

  • Rai, P.O.: Android Application Security Essentials. Packt Publishing Ltd, Birmingham (2013)

  • Ranganath, V.P., Mitra, J.: Are free Android app security analysis tools effective in detecting known vulnerabilities? Empir. Softw. Eng. 25, 178–219 (2020). https://doi.org/10.1007/s10664-019-09749-y

  • Ravitch, T., Creswick, E.R., Tomb, A., Foltzer, A., Elliott, T., Casburn, L.: Multi-app security analysis with FUSE: Statically detecting Android app collusion. In: Proceedings of the 4th Program Protection and Reverse Engineering Workshop, pp. 1–10 (2014)

  • Sabir, U., Azam, F., Haq, S.U., Anwar, M.W., Butt, W.H., Amjad, A.: A model driven reverse engineering framework for generating high level UML models from Java source code. IEEE Access 7, 158931–158950 (2019). https://doi.org/10.1109/ACCESS.2019.2950884

  • Sadeghi, A.: Efficient permission-aware analysis of Android apps. Ph.D. thesis, University of California, Irvine (2018)

  • Sadeghi, A., Bagheri, H., Garcia, J., Malek, S.: A taxonomy and qualitative comparison of program analysis techniques for security assessment of Android software. IEEE Trans. Softw. Eng. 43(6), 492–530 (2016). https://doi.org/10.1109/TSE.2016.2615307

  • Samhi, J., Bartel, A., Bissyandé, T.F., Klein, J.: RAICC: Revealing atypical inter-component communication in Android apps. In: 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), pp. 1398–1409 (2021). https://doi.org/10.1109/ICSE43902.2021.00126

  • Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A., Piras, L.: Android source code vulnerability detection: a systematic literature review. ACM Comput. Surv. 55(9), 1–37 (2023). https://doi.org/10.1145/3556974

  • Shahriar, H., Haddad, H.M.: Content provider leakage vulnerability detection in Android applications. In: Proceedings of the 7th International Conference on Security of Information and Networks, pp. 359–366 (2014). https://doi.org/10.1145/2659651.2659716

  • Six, J.: Application Security for the Android Platform: Processes, Permissions, and Other Safeguards. O’Reilly Media Inc., New York (2011)

  • Spivey, J.M., Abrial, J.R.: The Z Notation. Prentice Hall, Hemel Hempstead (1992)

  • Statista: Mobile OS market share 2021. [Online]. Available: https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/. Accessed 22 Aug 2023

  • Statista: Number of available apps in Google Play Store. [Online]. Available: https://www.statista.com/statistics/289418/number-of-available-apps-in-the-google-play-store-quarter/. Accessed 22 Aug 2023

  • Statistics: Mobile app download and usage statistics (2022). [Online]. Available: https://buildfire.com/app-statistics/. Accessed 22 Aug 2022

  • Statistics: Most popular Google Play app categories as of 1st quarter 2022. [Online]. Available: https://www.statista.com/statistics/279286/google-play-android-app-categories/. Accessed 22 Aug 2022

  • Talegaon, S., Krishnan, R.: A formal specification of access control in Android with URI permissions. Inf. Syst. Front. 23, 849–866 (2021). https://doi.org/10.1007/s10796-020-10066-9

  • Talukder, M.A.I., Shahriar, H., Qian, K., Rahman, M., Ahamed, S., Wu, F., Agu, E.: DroidPatrol: a static analysis plugin for secure mobile software development. In: 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 565–569. IEEE (2019)

  • Tan, Z., Song, W.: PTPDroid: Detecting violated user privacy disclosures to third-parties of Android apps. In: 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), pp. 473–485. IEEE (2023). https://doi.org/10.1109/ICSE48619.2023.00050

  • Tiwari, A., Groß, S., Hammer, C.: IIFA: modular inter-app intent information flow analysis of Android applications. In: Security and Privacy in Communication Networks: 15th EAI International Conference, SecureComm 2019, Orlando, FL, USA, Proceedings, Part II, pp. 335–349. Springer International Publishing (2019)

  • Tuncay, G.S., Demetriou, S., Ganju, K., Gunter, C.: Resolving the predicament of Android custom permissions. In: NDSS (2018)

  • Wang, R., Enck, W., Reeves, D., Zhang, X., Ning, P., Xu, D., Azab, A.M.: EASEAndroid: Automatic policy analysis and refinement for security enhanced Android via large-scale semi-supervised learning. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 351–366 (2015)

  • Wei, F., Roy, S., Ou, X., Robby: Amandroid: a precise and general inter-component data flow analysis framework for security vetting of Android apps. ACM Trans. Privacy Secur. (TOPS) 21(3), 1–32 (2018). https://doi.org/10.1145/3183575

  • Woodcock, J., Davies, J.: Using Z. Prentice Hall International, Hoboken (2011)

  • Wu, T., Deng, X., Yan, J., Zhang, J.: Analyses for specific defects in Android applications: a survey. Front. Comput. Sci. 13, 1210–1227 (2019). https://doi.org/10.1007/s11704-018-7008-1

  • Yan, J., Zhang, S., Liu, Y., Deng, X., Yan, J., Zhang, J.: A comprehensive evaluation of Android ICC resolution techniques. In: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp. 1–13 (2022a). https://doi.org/10.1145/3551349.3560420

  • Yan, J., Zhang, S., Liu, Y., Yan, J., Zhang, J.: ICCBot: fragment-aware and context-sensitive ICC resolution for Android applications. In: Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings, pp. 105–109 (2022b). https://doi.org/10.1145/3510454.3516864

  • Zhang, J., Tian, C., Duan, Z.: An efficient approach for taint analysis of Android applications. Comput. Secur. 104, 102161 (2021). https://doi.org/10.1016/j.cose.2020.102161

  • Zhou, Y., Jiang, X.: Detecting passive content leaks and pollution in Android applications. In: Proceedings of the 20th Network and Distributed System Security Symposium (NDSS) (2013)


Author information


Contributions

All authors reviewed the manuscript.

Corresponding author

Correspondence to Atefeh Nirumand.

Ethics declarations

Conflict of interest

The authors declare no Conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendices

Appendix

Transform and integrate to ICC model

Implicit Communication Extractor. As shown in Algorithm 1 (lines 21–28), to extract all potential implicit ICCs, the intents whose type (according to the Intent schema) is equal to Implicit are considered. Then, according to the specifications of each intent, the specifications of the implicit communications that may occur between app components through that intent are retrieved. These specifications include:

  • senderComp: the component specified by senderComp of the intent;
  • senderApp: the application whose component is specified by senderComp of the intent;
  • receiverComp: the components that can receive and handle the intent;
  • receiverApp: the applications containing these components.

As indicated in Algorithm 1 (lines 24–27), VAnDroid3 conducts a precise intent resolution (matching) (Android Developers 2022) process to extract the receiver components. In this process, to identify the components receiving the desired implicit intent, a procedure of mapping a given intent to possible target components is performed. In this mapping, the specifications of the intent are compared with the specifications of component interfaces (intent filters) in all components of the app bundle through three major tests: Action test, Category test, and Data test. As a result of these tests, the components that can receive and handle the intent are specified.

Data Manipulation Communication Extractor. As depicted in Algorithm 2 (lines 23–38), to extract all potential data manipulation communications, the ContentURIrequests whose RequestType (according to the ContentURIrequest schema) is equal to ManipulationRequest are considered. After that, for each ContentURIrequest, according to the specifications of the URI contained in the request, the specifications of the data manipulation communication that may occur between app components through that URI are retrieved. These specifications include:

  • senderComp: the component specified by senderComp of the ContentURIrequest;
  • senderApp: the application whose component is specified by senderComp of the ContentURIrequest;
  • receiverComp: the Content Provider in the app bundle that can receive and handle the ContentURIrequest;
  • receiverApp: the application containing that Content Provider.

As indicated in Algorithm 2 (lines 27–37), to extract the receiver Content Provider for data access and data manipulation communications, VAnDroid3 conducts a precise URI resolution process. In this process, the authority test is performed. In this test, the authority of the URI is compared with the authority of all Content Provider components in the bundle. As a result, the Content Provider that is able to receive and handle the desired ContentURIrequest is specified.
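The two resolution steps described above (the action, category and data tests of the Implicit Communication Extractor, and the authority test of the Data Manipulation Communication Extractor) can be reproduced on a small in-memory model of an app bundle. The following is an added example written for this page, not VAnDroid3's own code: the data model, the three hypothetical apps (com.example.mail, com.example.gallery, com.example.notes), the intents and the URI requests are all constructed for illustration, and the matching rules follow the Android "Intents and intent filters" documentation cited in the paper. It goes slightly beyond the text by also applying the exported check that decides whether a component in another app is reachable at all, which is the caveat a reviewer of the resolved ICC graph would want to see.

```python
# Added example (not VAnDroid3's code): an executable model of the resolution steps the
# appendix describes for Algorithm 1 (action/category/data tests) and Algorithm 2
# (authority test). Data model and sample bundle are constructed for illustration.
from collections import namedtuple
from urllib.parse import urlsplit

DEFAULT = "android.intent.category.DEFAULT"
SEND, VIEW = "android.intent.action.SEND", "android.intent.action.VIEW"

# Intent filter as declared in the manifest (<action>, <category>, <data>).
IntentFilter = namedtuple("IntentFilter", "actions categories schemes mime_types",
                          defaults=(frozenset(), frozenset(), frozenset()))
# kind: activity | service | receiver | provider; authorities apply to providers only.
Component = namedtuple("Component", "name kind exported filters authorities",
                       defaults=(True, (), frozenset()))
# An Implicit intent (no target component) as extracted from its sender component.
Intent = namedtuple("Intent", "sender_app sender_comp action categories data_uri mime_type",
                    defaults=(None, frozenset(), None, None))
UriRequest = namedtuple("UriRequest", "sender_app sender_comp uri request_type")

def filter_matches(f, it, comp):
    """Android's three tests against one <intent-filter>: action, category, data."""
    # A filter without actions matches nothing; an action-less intent passes otherwise.
    action_ok = bool(f.actions) and (it.action is None or it.action in f.actions)
    # Every intent category must be listed; startActivity() adds DEFAULT implicitly.
    cats = set(it.categories) | ({DEFAULT} if comp.kind == "activity" else set())
    return action_ok and cats <= f.categories and data_test(f, it)

def data_test(f, it):
    has_uri, has_type = it.data_uri is not None, it.mime_type is not None
    scheme = urlsplit(it.data_uri).scheme if has_uri else None
    if not f.schemes and not f.mime_types:      # filter declares no <data>
        return not has_uri and not has_type
    if f.schemes and not f.mime_types:          # scheme-only filter
        return has_uri and not has_type and scheme in f.schemes
    type_ok = has_type and any(p in (it.mime_type, "*/*") or (p.endswith("/*") and
                               it.mime_type.startswith(p[:-1])) for p in f.mime_types)
    if not type_ok:
        return False
    if not has_uri:                             # MIME-only intent needs a MIME-only filter
        return not f.schemes
    return scheme in (f.schemes or ("content", "file"))

def resolve_implicit(bundle, it):
    """(app, component) pairs able to receive an implicit intent (Algorithm 1)."""
    hits = []
    for pkg, comps in bundle.items():
        for comp in comps:
            # Non-exported components are reachable only from their own app.
            if comp.kind == "provider" or (not comp.exported and pkg != it.sender_app):
                continue
            if any(filter_matches(f, it, comp) for f in comp.filters):
                hits.append((pkg, comp.name))
    return hits

def resolve_provider(bundle, rq):
    """Authority test: the provider whose authority equals the URI's authority (Algorithm 2)."""
    parts = urlsplit(rq.uri)
    if parts.scheme == "content":
        for pkg, comps in bundle.items():
            for comp in comps:
                if (comp.kind == "provider" and parts.netloc in comp.authorities
                        and (comp.exported or pkg == rq.sender_app)):
                    return (pkg, comp.name)
    return None

def extract_communications(bundle, intents, requests):
    """Implicit ICCs plus data access/manipulation ICCs, using the appendix's field names."""
    comms = []
    for it in intents:
        for rapp, rcomp in resolve_implicit(bundle, it):
            comms.append(dict(kind="implicit", senderApp=it.sender_app, senderComp=it.sender_comp,
                              receiverApp=rapp, receiverComp=rcomp))
    for rq in requests:
        hit = resolve_provider(bundle, rq)
        if hit:
            kind = "data_manipulation" if rq.request_type == "ManipulationRequest" else "data_access"
            comms.append(dict(kind=kind, senderApp=rq.sender_app, senderComp=rq.sender_comp,
                              receiverApp=hit[0], receiverComp=hit[1]))
    return comms

# Constructed sample bundle: three hypothetical apps.
BUNDLE = {
    "com.example.mail": [Component("ComposeActivity", "activity", filters=[
        IntentFilter(frozenset({SEND}), frozenset({DEFAULT}), mime_types=frozenset({"text/*"}))])],
    "com.example.gallery": [
        Component("ViewImageActivity", "activity", filters=[IntentFilter(
            frozenset({VIEW}), frozenset({DEFAULT}), frozenset({"content", "file"}), frozenset({"image/*"}))]),
        Component("PhotosProvider", "provider", authorities=frozenset({"com.example.gallery.photos"})),
        Component("SyncService", "service", exported=False,
                  filters=[IntentFilter(frozenset({"com.example.gallery.SYNC"}))])],
    "com.example.notes": [Component("ShareNoteActivity", "activity")],
}
INTENTS = [
    Intent("com.example.notes", "ShareNoteActivity", action=SEND, mime_type="text/plain"),
    Intent("com.example.notes", "ShareNoteActivity", action=VIEW,
           data_uri="content://com.example.gallery.photos/photo/7", mime_type="image/png"),
    Intent("com.example.notes", "ShareNoteActivity", action="com.example.gallery.SYNC"),  # not exported
]
REQUESTS = [
    UriRequest("com.example.notes", "ShareNoteActivity",
               "content://com.example.gallery.photos/albums/1", "ManipulationRequest"),
    UriRequest("com.example.notes", "ShareNoteActivity",
               "content://com.example.gallery.photos/albums/1", "AccessRequest"),
]
```

Running extract_communications(BUNDLE, INTENTS, REQUESTS) yields two implicit ICCs (the SEND intent resolves to ComposeActivity, the VIEW intent to ViewImageActivity), one data manipulation and one data access ICC to PhotosProvider, and nothing for the SYNC intent, because SyncService is not exported and the sender is another app. The third case is the point of the exported check: an intent filter alone does not make a component a receiver of inter-app ICC.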

Table 18 A summary of the Z notation used in the presented formal specification of Android ICC vulnerabilities

The Z specification language

One of the well-known formal languages for describing and reasoning about information systems and their properties is the Z notation, which has been used in both education and research since its development in the 1980s (Castro et al. 2015). This language has features that motivated us to use it for the formal specification of Android ICC vulnerabilities. Z, based on mathematical logic and set theory, can be used to produce precise and unambiguous documentation in which information is structured and presented at an appropriate level of abstraction, leading to a common understanding among all those who interact with the system (Woodcock and Davies 2011; Castro et al. 2015; Spivey and Abrial 1992). Such formal specifications describe what the system must do and which properties it has, not how those properties are achieved. Another feature of Z is that specifications are structured through the notion of a schema; in general, each schema has two compartments: a declaration section and a constraint (predicate) section (Woodcock and Davies 2011; Castro et al. 2015). Table 18 briefly describes the Z notation used in this paper’s formal specification of Android ICC vulnerabilities.
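As an illustration of the two-compartment schema structure described above, the following schema is an added example written for this page in the LaTeX zed notation; it is not one of the paper's own schemas, and the names Intent, Component, App, Implicit and resolve are assumed here. It records one implicit communication in the terms the appendix uses (senderComp, senderApp, receiverComp, receiverApp): the declaration part above the line introduces the variables, and the predicate part below it constrains them.

```latex
\begin{schema}{ImplicitCommunication}
  intent : Intent \\
  senderComp, receiverComp : Component \\
  senderApp, receiverApp : App
\where
  intent.type = Implicit \\
  senderComp = intent.senderComp \\
  senderComp \in senderApp.components \\
  receiverComp \in receiverApp.components \\
  receiverComp \in resolve(intent)
\end{schema}
```

Here resolve(intent) stands for the set of components that pass the action, category and data tests for the intent; a vulnerability schema would typically include such a communication schema and add the predicate that characterises the flaw.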

Timing results for the incremental ICC analysis feature

Tables 19 and 20 show the time that VAnDroid3 takes to reanalyze a revised Android system for each experiment in Sect. 6.3.2.

Table 19 Execution time for incremental ICC analysis of the first five app bundles
Table 20 Execution time for incremental ICC analysis of the last five app bundles

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Nirumand, A., Zamani, B. & Ladani, B.T. A comprehensive framework for inter-app ICC security analysis of Android apps. Autom Softw Eng 31, 45 (2024). https://doi.org/10.1007/s10515-024-00439-8


  • DOI: https://doi.org/10.1007/s10515-024-00439-8
