RAICC: Revealing Atypical Inter-Component Communication in Android Apps

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Documents

  • Fulltext

    Submitted manuscript, 509 KB, PDF document

  • Jordan Samhi
  • Alexandre Bartel
  • Tegawende F. Bissyande
  • Jacques Klein
Inter-Component Communication (ICC) is a key mechanism in Android. It enables developers to compose rich functionalities and explore reuse within and across apps. Unfortunately, as reported by a large body of literature, ICC is rather "complex and largely unconstrained", leaving room to a lack of precision in apps modeling. To address the challenge of tracking ICCs within apps, state of the art static approaches such as EPICC, ICCTA and AMANDROID have focused on the documented framework ICC methods (e.g., startActivity) to build their approaches. In this work we show that ICC models inferred in these state of the art tools may actually be incomplete: the framework provides other atypical ways of performing ICCs. To address this limitation in the state of the art, we propose RAICC a static approach for modeling new ICC links and thus boosting previous analysis tasks such as ICC vulnerability detection, privacy leaks detection, malware detection, etc. We have evaluated RAICC on 20 benchmark apps, demonstrating that it improves the precision and recall of uncovered leaks in state of the art tools. We have also performed a large empirical investigation showing that Atypical ICC methods are largely used in Android apps, although not necessarily for data transfer. We also show that RAICC increases the number of ICC links found by 61.6% on a dataset of real-world malicious apps, and that RAICC enables the detection of new ICC vulnerabilities.
Original languageEnglish
Title of host publication2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE)
PublisherIEEE
Publication date2021
Pages1398-1409
ISBN (Print)978-1-6654-0296-5
DOIs
Publication statusPublished - 2021
Event43rd IEEE/ACM International Conference on Software Engineering: Companion, ICSE-Companion 2021 - Virtual, Online, Spain
Duration: 25 May 202128 May 2021

Conference

Conference43rd IEEE/ACM International Conference on Software Engineering: Companion, ICSE-Companion 2021
LandSpain
ByVirtual, Online
Periode25/05/202128/05/2021
SeriesProceedings - International Conference on Software Engineering
ISSN0270-5257

    Research areas

  • Static Analysis, Android Security

ID: 323622380