Analysis, Detection and Exploitation of Exposed Components in Android Applications

Smartphones and tablets have become an essential element in our everyday lives. Everyone use these devices to send messages, make phone calls, make payments, manage appointments and surf the web. All these use cases imply that they have access to and collect user sensitive information at every moment. This has attracted the attention of attackers, who started tar- getting them. The attraction is demonstrated by the continuous increase in the sophistication and number of malware that has mobile devices as the target [9] [10]. The Android project is an open-source software which can be downloaded and studied by anyone. Its openness has allowed, during the years, an intensive inspection and testing by developers and researchers. This led Google to constantly update its product with new functionalities as well as bug fixes. Various types of attacks have targetted the Android software but all of them have been mitigated with the introduction of new security mechanisms and additional prevention methods. Starting from September 2018, 16 major versions of the OS have been deployed, reducing substantially the attack surface exposed by the system. The application ecosystem developed by the Android project is a key factor for the high popularity of the mobile devices manufactured and sold with the OS. The users can benefit from an immense official store as well as alternative stores, providing applications for every category and need. The significance of applications has increased the importance of their security in the OS platform. The development of strong security mechanisms is of primary importance, but it is not enough. Software is written by humans, which are not perfect and can make mistakes. This requires the creation of tools, essential for the analysis and testing of the security implemented in a system. The Android architecture and applications structure require interaction between the various software systems running on a device. This is made available by applications components, modular objects which implements the different features provided by the app. This opening could create holes in the Android Security mechanisms. In particular, our research starts with the assumption that application components can generate vulnerabilities when not developed correctly while paying attention to their security. The study of component interactions and system applications lead us to the discovery of possible interaction vulnerabilities, confirmed by the first major issue found in the PhoneApp system application. Due to the large size of the source code in applications, the need for a tool to automate the process arose. At this point, we projected and developed the tool architecture, including a static analysis component and a dynamic analysis one for testing. The results obtained from the tool demonstrates that our assumptions were correct, leading us to discover the second type of vulnerabilities. Both types of vulnerabilities have been exploited to present examples of possible malicious applications that could be developed by attackers. Finally, the tool has been perfected and used to understand how the presented issues are widespread in the applications provided by the Android operating system or by third-party developers. The results are used to understand in which situations the components become more common and to define possible approaches to mitigate the problem.