Automatically exploiting potential component leaks in android applications

Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon

Research output: Chapter in Book/Report/Conference proceeding; Conference Paper; Research; peer-review

33 Citations (Scopus)

Abstract

We present PCLeaks, a tool based on inter-component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks on 2000 apps randomly selected from the Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks.

Original language: English
Title of host publication: Proceedings - 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 388-397
Number of pages: 10
ISBN (Electronic): 9781479965137
DOI: https://doi.org/10.1109/TrustCom.2014.50
Publication status: Published - 15 Jan 2015
Externally published: Yes
Event: IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2014 - Beijing, China
Duration: 24 Sep 2014 to 26 Sep 2014
Conference number: 13th

Conference

Conference: IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2014
Abbreviated title: TrustCom 2014
Country: China
City: Beijing
Period: 24/09/14 to 26/09/14

Cite this

Li, L., Bartel, A., Klein, J., & Traon, Y. L. (2015). Automatically exploiting potential component leaks in android applications. In Proceedings - 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014 (pp. 388-397). [7011274] IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/TrustCom.2014.50