Abstract
We present PCLeaks, a tool based on inter-component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks on 2000 apps randomly selected from the Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014 |
| Publisher | IEEE, Institute of Electrical and Electronics Engineers |
| Pages | 388-397 |
| Number of pages | 10 |
| ISBN (Electronic) | 9781479965137 |
| DOIs | |
| Publication status | Published - 15 Jan 2015 |
| Externally published | Yes |
| Event | IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2014 - Beijing, China Duration: 24 Sep 2014 → 26 Sep 2014 Conference number: 13th |
Conference
| Conference | IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2014 |
|---|---|
| Abbreviated title | TrustCom 2014 |
| Country | China |
| City | Beijing |
| Period | 24/09/14 → 26/09/14 |
Cite this
}
Automatically exploiting potential component leaks in android applications. / Li, Li; Bartel, Alexandre; Klein, Jacques; Traon, Yves Le.
Proceedings - 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014. IEEE, Institute of Electrical and Electronics Engineers, 2015. p. 388-397 7011274.Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review
TY - GEN
T1 - Automatically exploiting potential component leaks in android applications
AU - Li, Li
AU - Bartel, Alexandre
AU - Klein, Jacques
AU - Traon, Yves Le
PY - 2015/1/15
Y1 - 2015/1/15
N2 - We present PCLeaks, a tool based on inter-component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks on 2000 apps randomly selected from the Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks.
AB - We present PCLeaks, a tool based on inter-component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks on 2000 apps randomly selected from the Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks.
UR - http://www.scopus.com/inward/record.url?scp=84923025805&partnerID=8YFLogxK
U2 - 10.1109/TrustCom.2014.50
DO - 10.1109/TrustCom.2014.50
M3 - Conference Paper
SP - 388
EP - 397
BT - Proceedings - 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014
PB - IEEE, Institute of Electrical and Electronics Engineers
ER -