English
Related papers

Related papers: Exploiting PendingIntent Provenance Confusion to S…

200 papers

In Android, communications between apps and system services are supported by a transaction-based Inter-Process Communication (IPC) mechanism. Binder, as the cornerstone of this IPC mechanism, separates two communicating parties as client…

Cryptography and Security · Computer Science 2016-04-26 Huan Feng , Kang G. Shin

Third-party Software Development Kits (SDKs) are widely adopted in Android app development, to effortlessly accelerate development pipelines and enhance app functionality. However, this convenience raises substantial concerns about…

Cryptography and Security · Computer Science 2025-06-19 Mark Huasong Meng , Chuan Yan , Qing Zhang , Zeyu Wang , Kailong Wang , Sin Gee Teo , Guangdong Bai , Jin Song Dong

The Android operating system is currently the most popular mobile operating system in the world. Android is based on Linux and therefore inherits its features including its Inter-Process Communication (IPC) mechanisms. These mechanisms are…

Cryptography and Security · Computer Science 2022-04-05 Mounir Elgharabawy , Blas Kojusner , Mohammad Mannan , Kevin R. B. Butler , Byron Williams , Amr Youssef

Inter-Component Communication (ICC) is a key mechanism in Android. It enables developers to compose rich functionalities and explore reuse within and across apps. Unfortunately, as reported by a large body of literature, ICC is rather…

Software Engineering · Computer Science 2021-01-18 Jordan Samhi , Alexandre Bartel , Tegawendé F. Bissyandé , Jacques Klein

Proximity tracing apps have been proposed as an aide in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device…

Cryptography and Security · Computer Science 2020-09-15 Paul-Olivier Dehaye , Joel Reardon

Android has been the most popular smartphone system, with multiple platform versions (e.g., KITKAT and Lollipop) active in the market. To manage the application's compatibility with one or more platform versions, Android allows apps to…

Software Engineering · Computer Science 2017-03-20 Daoyuan Wu , Ximing Liu , Jiayun Xu , David Lo , Debin Gao

Mobile applications rely on complex backends that introduce significant security risks, yet developers often lack the tools to assess these risks effectively. This paper presents AndroScanner, an automated pipeline for detecting…

Cryptography and Security · Computer Science 2026-04-17 Harini Dandu

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By…

Cryptography and Security · Computer Science 2016-09-14 Daoyuan Wu , Debin Gao , Yingjiu Li , Robert H. Deng

Smartphone apps often run with full privileges to access the network and sensitive local resources, making it difficult for remote systems to have any trust in the provenance of network connections they receive. Even within the phone,…

Cryptography and Security · Computer Science 2011-02-15 Michael Dietz , Shashi Shekhar , Yuliy Pisetsky , Anhei Shu , Dan S. Wallach

With the digital breakthrough, smart phones have become very essential component. Mobile devices are very attractive attack surface for cyber thieves as they hold personal details (accounts, locations, contacts, photos) and have potential…

Cryptography and Security · Computer Science 2017-09-22 Shweta Bhandari , Wafa Ben Jaballah , Vineeta Jain , Vijay Laxmi , Akka Zemmari , Manoj Singh Gaur , Mohamed Mosbah , Mauro Conti

In this position paper we advocate software model checking as a technique suitable for security analysis of mobile apps. Our recommendation is based on promising results that we achieved on analysing app collusion in the context of the…

Software Engineering · Computer Science 2017-06-16 Irina Mariuca Asavoae , Hoang Nga Nguyen , Markus Roggenbach , Siraj Ahmed Shaikh

Mobile apps are predominantly integrated with cloud services to benefit from enhanced functionalities. Adopting authentication using secrets such as API keys is crucial to ensure secure mobile-cloud interactions. However, developers often…

Cryptography and Security · Computer Science 2025-11-11 Kevin Li , Lin Ling , Jinqiu Yang , Lili Wei

Android allows apps to communicate with its system services via system service helpers so that these apps can use various functions provided by the system services. Meanwhile, the system services rely on their service helpers to enforce…

Cryptography and Security · Computer Science 2022-03-25 Yi He , Yacong Gu , Purui Su , Kun Sun , Yajin Zhou , Zhi Wang , Qi Li

Android is designed with a number of built-in security features such as app sandboxing and permission-based access controls. Android supports multiple communication methods for apps to cooperate. This creates a security risk of app…

Cryptography and Security · Computer Science 2017-06-09 Jorge Blasco , Thomas M. Chen , Igor Muttik , Markus Roggenbach

Android's permission system is designed to balance usability with informed consent, yet two legacy mechanisms still undermine that balance in Android 16: (i) permission groups that silently auto-grant new permissions within a group after a…

Cryptography and Security · Computer Science 2026-05-28 Olawale Amos Akanji , Manuel Egele , Gianluca Stringhini

The scheme of application (app) distribution systems involving incentivized third-party app vendors is a desirable option for the emerging edge computing systems. However, such a scheme also brings various security challenges as faced by…

Cryptography and Security · Computer Science 2020-01-13 Hangtai Li , Yingbo Liu , Rui Tan

Dependency management systems are a critical component in software development, enabling projects to incorporate existing functionality efficiently. However, misconfigurations and malicious actors in these systems pose severe security…

Cryptography and Security · Computer Science 2026-01-29 David Schmidt , Sebastian Schrittwieser , Edgar Weippl

Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerability in Android apps. To promote secure programming…

Cryptography and Security · Computer Science 2018-12-11 Pascal Gadient , Mohammad Ghafari , Patrick Frischknecht , Oscar Nierstrasz

This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our…

Cryptography and Security · Computer Science 2015-05-05 Lucky Onwuzurike , Emiliano De Cristofaro

Android apps cooperate through message passing via intents. However, when apps do not have identical sets of privileges inter-app communication (IAC) can accidentally or maliciously be misused, e.g., to leak sensitive information contrary…

Software Engineering · Computer Science 2023-05-09 Abhishek Tiwari , Sascha Groß , Christian Hammer
‹ Prev 1 2 3 10 Next ›