PINCI-THESIS-2019.pdf (15.64 MB)
Analysis, Detection and Exploitation of Exposed Components in Android Applications
thesis
posted on 2019-08-06, 00:00 authored by Francesco PinciSmartphones and tablets have become an essential element in our everyday lives. Everyone
use these devices to send messages, make phone calls, make payments, manage appointments
and surf the web. All these use cases imply that they have access to and collect user sensitive
information at every moment. This has attracted the attention of attackers, who started tar-
getting them. The attraction is demonstrated by the continuous increase in the sophistication
and number of malware that has mobile devices as the target [9] [10].
The Android project is an open-source software which can be downloaded and studied
by anyone. Its openness has allowed, during the years, an intensive inspection and testing
by developers and researchers. This led Google to constantly update its product with new
functionalities as well as bug fixes. Various types of attacks have targetted the Android software
but all of them have been mitigated with the introduction of new security mechanisms and
additional prevention methods. Starting from September 2018, 16 major versions of the OS
have been deployed, reducing substantially the attack surface exposed by the system.
The application ecosystem developed by the Android project is a key factor for the high
popularity of the mobile devices manufactured and sold with the OS. The users can benefit from
an immense official store as well as alternative stores, providing applications for every category
and need. The significance of applications has increased the importance of their security in the
OS platform. The development of strong security mechanisms is of primary importance, but it is
not enough. Software is written by humans, which are not perfect and can make mistakes. This requires the creation of tools, essential for the analysis and testing of the security implemented
in a system.
The Android architecture and applications structure require interaction between the various
software systems running on a device. This is made available by applications components,
modular objects which implements the different features provided by the app. This opening
could create holes in the Android Security mechanisms. In particular, our research starts with
the assumption that application components can generate vulnerabilities when not developed
correctly while paying attention to their security.
The study of component interactions and system applications lead us to the discovery of
possible interaction vulnerabilities, confirmed by the first major issue found in the PhoneApp
system application. Due to the large size of the source code in applications, the need for a tool
to automate the process arose. At this point, we projected and developed the tool architecture,
including a static analysis component and a dynamic analysis one for testing. The results
obtained from the tool demonstrates that our assumptions were correct, leading us to discover
the second type of vulnerabilities. Both types of vulnerabilities have been exploited to present
examples of possible malicious applications that could be developed by attackers.
Finally, the tool has been perfected and used to understand how the presented issues are
widespread in the applications provided by the Android operating system or by third-party
developers. The results are used to understand in which situations the components become
more common and to define possible approaches to mitigate the problem.
History
Advisor
Buy, UgoChair
Buy, UgoDepartment
Computer ScienceDegree Grantor
University of Illinois at ChicagoDegree Level
- Masters
Committee Member
Gjomemo, Rigel Lioy, AntonioSubmitted date
May 2019Issue date
2019-03-28Usage metrics
Categories
No categories selectedLicence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC