A Static Detection of Inter-Component Communication Vulnerability in Android Application

摘要

Security issues were found between inter-component communication in Android application: the usage of explicit or implicit intent might give rise to data attack, component hijacking and privilege escalation, etc. in order to detect these problems, a detect method of inter-component communication vulnerability on Android application was presented. Firstly, an APK was analyzed reversely, and ICC methods in its component were detected. Afterwards, its component call pair, component call link and component call graph were constructed. Next, the detect framework began to analyze data flow of the suspicious components. Experimental results show that the proposed method is able to detect common inter-component communication vulnerability comprehensively and effectively not only between different components but also different applications.