DETECTION OF IPC-BASED MOBILE VULNERABILITIES DUE TO INSUFFICIENT CALLER PERMISSIONS

摘要

Provided herein is a system, method, and computer program product for determining vulnerabilities in a target application of a mobile device. Determining vulnerabilities includes analyzing an inter-application communication interface of the target application to construct a list of incoming messages/Determining vulnerabilities also includes analyzing how the target application responds to message types of the incoming messages utilizing the list to associate caller permissions with the message types/In turn, determining the vulnerabilities of the target application can be based on discrepancies between the caller permissions and the message types.