Automatically exploiting potential component leaks in Android applications

Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

38 Citations (Scopus)

Abstract

We present PCLeaks, a tool based on inter-component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks on 2000 apps randomly selected from the Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks.

Original languageEnglish
Title of host publicationProceedings - 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014
EditorsYunhao Liu, Nei Kato, Keqiu Li, Jian Ren
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages388-397
Number of pages10
ISBN (Electronic)9781479965137
DOIs
Publication statusPublished - 2014
Externally publishedYes
EventIEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2014 - Beijing, China
Duration: 24 Sep 201426 Sep 2014
Conference number: 13th

Conference

ConferenceIEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2014
Abbreviated titleTrustCom 2014
CountryChina
CityBeijing
Period24/09/1426/09/14

Cite this