1 GENERAL INSTRUCTIONS
In recent years the Android ecosystem has developed very fast, and more and more Android phones have sprung up. In the mobile ecosystem, the market share of Android has exceeded 80%. With this rapid development, the number of Android applications is also increasing rapidly [1], and many application markets are emerging. As Android applications multiply, the quality of the applications is worrying, and this causes many security problems. According to the Cisco 2014 Annual Security Report statistics, among mobile devices that suffered malware attacks, Android devices account for 70%. In this paper, we propose a method to detect a typical vulnerability of the Android platform called Permission Leak Vulnerability [2], and develop a detection tool called ActivityFuzzer. Besides detecting Permission Leak Vulnerability, ActivityFuzzer can also find application runtime crash problems. Using this tool, we successfully detected many security problems in the activity components of Android applications.
2 BACKGROUND
2.1 Android Security Model
In order to design a more secure mobile operating system, Google introduced and designed several security models in the Android system, such as the sandbox, ICC (Inter Component Communication) and the permission model [3].
2.1.1 Sandbox Model
In order to achieve privilege isolation between Android applications, each Android application runs in a separate sandbox and cannot access the resources of the system or of other applications. The sandbox model effectively prevents unauthorized access to sensitive information of the system or of other applications. An application that wants to communicate with the system or with other applications to obtain resources has to do so through ICC, a communication mechanism provided by the Android system. The ICC communication mechanism conducts a rigorous check to determine whether the communication may proceed, for example by determining whether the caller of the communication has permission to access the requested system resources.
2.1.2 ICC Communication Mechanism
The ICC [4] communication mechanism is used for inter-component communication of Android applications; it enables communication between Activity, Service and Receiver components. Developers set the accessibility of an Android component in the AndroidManifest.xml file through the exported attribute: if the exported property is set to "true", other applications can access the component; otherwise they cannot.
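As an added example (not part of the paper and not the authors' ActivityFuzzer code), the following Python script applies the exported rule just described to a constructed AndroidManifest.xml: it lists the activities other applications can reach over ICC, reads the actions, categories and data each intent-filter accepts, and renders the corresponding Intent (Component, Action, Category, Data) as an `am start` invocation so an auditor can see exactly which entry points an app exposes. Beyond the page's wording it also applies two platform facts: an activity that declares an `<intent-filter>` without an explicit exported attribute is exported by default (the behaviour before API 31), and the `android:permission` attribute names the permission a caller must hold to reach a protected component. The package name, activity names and the manifest itself are constructed.

```python
"""Apply the android:exported rule to an AndroidManifest.xml and describe the
Intents that reach each exported activity.  Added example, not the paper's
ActivityFuzzer code; the manifest below is constructed."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical package, not a real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".OAuthActivity" android:exported="true"
              android:permission="com.example.demo.USE_OAUTH">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <data android:scheme="demo" android:host="oauth"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <activity android:name=".LegacyShareActivity">
      <intent-filter>
        <action android:name="android.intent.action.SEND"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <data android:mimeType="text/plain"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


@dataclass
class ExportedActivity:
    component: str                      # "package/.Class", as am start -n expects
    permission: Optional[str]           # android:permission, if the component has one
    actions: List[str] = field(default_factory=list)
    categories: List[str] = field(default_factory=list)
    data: List[dict] = field(default_factory=list)


def is_exported(activity: ET.Element, has_filter: bool) -> bool:
    """An explicit android:exported value decides.  Without it, an activity
    that declares an <intent-filter> is exported by default (the platform
    behaviour before API 31; API 31+ requires the attribute to be explicit)."""
    explicit = activity.get(ANDROID_NS + "exported")
    if explicit is not None:
        return explicit.strip().lower() == "true"
    return has_filter


def exported_activities(manifest_xml: str) -> List[ExportedActivity]:
    """List the activities other applications can reach via ICC, with the
    action/category/data each intent-filter accepts."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package")
    found = []
    for act in root.iter("activity"):
        filters = act.findall("intent-filter")
        if not is_exported(act, bool(filters)):
            continue
        info = ExportedActivity(component=f"{pkg}/{act.get(ANDROID_NS + 'name')}",
                                permission=act.get(ANDROID_NS + "permission"))
        for flt in filters:
            info.actions += [a.get(ANDROID_NS + "name") for a in flt.findall("action")]
            info.categories += [c.get(ANDROID_NS + "name") for c in flt.findall("category")]
            for d in flt.findall("data"):
                info.data.append({k.replace(ANDROID_NS, ""): v for k, v in d.attrib.items()})
        found.append(info)
    return found


def am_start_command(info: ExportedActivity) -> str:
    """Render the Intent an ICC caller would build (Component, Action,
    Category, Data) as an `am start` invocation for manual verification."""
    parts = ["am", "start", "-n", info.component]
    if info.actions:
        parts += ["-a", info.actions[0]]
    for cat in info.categories:
        parts += ["-c", cat]
    for d in info.data:
        if "scheme" in d:
            parts += ["-d", f"{d['scheme']}://{d.get('host', '')}"]
        elif "mimeType" in d:
            parts += ["-t", d["mimeType"]]
    return " ".join(parts)


if __name__ == "__main__":
    for act in exported_activities(SAMPLE_MANIFEST):
        guard = f"  [requires {act.permission}]" if act.permission else "  [reachable by any app]"
        print(am_start_command(act) + guard)
```

An exported activity that carries `android:permission` is reachable only by callers holding that permission; an exported activity without one is reachable by any installed application, which is the set of components a fuzzer such as the one described in this paper exercises. `SettingsActivity` is correctly excluded, while `LegacyShareActivity` shows the implicit-export case that a reviewer reading only explicit `exported="true"` values would miss.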
The ICC communication mechanism transfers data through Intent objects. First, the caller of the communication constructs an Intent object and then sets the properties of the Intent object (such as Component, Action, Data, Category, Extras and Flags). Last, it calls the appropriate API function (such as startActivity, startService or sendBroadcast) to send the Intent object; then you can send data to the communication
ActivityFuzzer: Detecting the Security Vulnerabilities of Android Activity Components

Yongke Wang (1), Jianwei Zhuge (2,3), Donghong Sun (2,3), Wu Liu (2,3) and Fenghua Li (1,*)

(1) State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing, China
(2) Tsinghua National Laboratory for Information Science and Technology, Beijing, China
(3) Institute for Network Science and Cyberspace, Tsinghua University, Beijing, China
(*) Corresponding Author

ABSTRACT: In order to detect security problems in Android activity components, we designed a detection method based on fuzzing and dynamic hooking technology, and developed our detection tool called ActivityFuzzer. ActivityFuzzer constructs Intent objects by parsing the Android APK file, then sends them to activity components. At the same time, ActivityFuzzer monitors the Android system logs to find whether security vulnerabilities occur, such as permission leaks and runtime crashes. Besides, we designed a feedback mechanism to reduce false negatives. We used ActivityFuzzer to test 100 Android applications and found that 60% of the applications have security problems. During the experiment, we found that mobile QQ leaks the ACCESS_NETWORK_STATE permission, so that other applications can access its OAuth service without holding any permission. We also found a serious DoS vulnerability in WeChat.
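The abstract says ActivityFuzzer watches the Android system logs for runtime crashes and permission problems after each Intent is sent. The following is an added example of that monitoring step (not the authors' implementation): it parses logcat output in `threadtime` format, groups the `AndroidRuntime` "FATAL EXCEPTION" block of each process to recover the crashing package, exception class and crash site, and separately records `Permission Denial` / `SecurityException` messages, distinguishing a target that was not exported from a caller that lacked a permission. The log excerpt, package names and pids are constructed. Note that a denial line shows a permission boundary that held; deciding that a permission is leaked requires correlating which component performed a privileged action on behalf of an unprivileged caller, which this scanner does not do.

```python
"""Scan logcat (threadtime format) for the two symptoms the abstract names:
runtime crashes and permission failures.  Added example, not the authors'
monitor; the log excerpt below is constructed."""
import re
from typing import Dict, Iterator, List

# Constructed sample logcat excerpt (hypothetical package names and pids).
SAMPLE_LOGCAT = """\
09-15 10:23:45.101  2210  2210 I ActivityManager: START u0 {act=android.intent.action.VIEW cmp=com.example.demo/.OAuthActivity} from uid 10124
09-15 10:23:45.410  4321  4321 E AndroidRuntime: FATAL EXCEPTION: main
09-15 10:23:45.410  4321  4321 E AndroidRuntime: Process: com.example.demo, PID: 4321
09-15 10:23:45.410  4321  4321 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String android.os.Bundle.getString(java.lang.String)' on a null object reference
09-15 10:23:45.410  4321  4321 E AndroidRuntime:     at com.example.demo.OAuthActivity.onCreate(OAuthActivity.java:42)
09-15 10:23:45.410  4321  4321 E AndroidRuntime:     at android.app.Activity.performCreate(Activity.java:6975)
09-15 10:23:46.002  2210  2210 W ActivityManager: Permission Denial: starting Intent { cmp=com.example.demo/.SettingsActivity } from ProcessRecord{5000:com.example.other/u0a124} (pid=5000, uid=10124) not exported from uid 10123
09-15 10:23:47.300  5000  5000 W System.err: java.lang.SecurityException: ConnectivityService: Neither user 10124 nor current process has android.permission.ACCESS_NETWORK_STATE.
"""

# One threadtime line: date time pid tid level tag: message
LINE_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>[^:\s]+)\s*:\s?(?P<msg>.*)$")
# Permission named in a denial message ("requires X" or "... has X").
PERM_RE = re.compile(r"(?:requires|has) (?P<perm>[\w.]+)")


def parse_logcat(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per well-formed threadtime line; skip anything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            yield m.groupdict()


def find_crashes(text: str) -> List[dict]:
    """Group AndroidRuntime 'FATAL EXCEPTION' blocks by pid and extract the
    crashing process, the exception class and the first stack frame."""
    crashes, open_blocks = [], {}
    for rec in parse_logcat(text):
        if rec["tag"] != "AndroidRuntime":
            continue
        pid, msg = rec["pid"], rec["msg"].strip()
        if msg.startswith("FATAL EXCEPTION"):
            open_blocks[pid] = {"pid": pid, "process": None, "exception": None, "frame": None}
        elif pid in open_blocks:
            blk = open_blocks[pid]
            if msg.startswith("Process:"):
                blk["process"] = msg[len("Process:"):].split(",", 1)[0].strip()
            elif msg.startswith("at "):
                if blk["frame"] is None:
                    blk["frame"] = msg[3:]              # first frame = crash site
                    crashes.append(open_blocks.pop(pid))
            elif blk["exception"] is None:
                blk["exception"] = msg.split(":", 1)[0]  # exception class only
    crashes.extend(open_blocks.values())                 # blocks cut off before a frame
    return crashes


def find_permission_events(text: str) -> List[dict]:
    """Collect Permission Denial / SecurityException messages and classify
    them: the target was not exported, or the caller lacked a permission."""
    events = []
    for rec in parse_logcat(text):
        msg = rec["msg"]
        if "Permission Denial" not in msg and "SecurityException" not in msg:
            continue
        perm = PERM_RE.search(msg)
        events.append({
            "tag": rec["tag"],
            "pid": rec["pid"],
            "reason": "not exported" if "not exported" in msg else "missing permission",
            "permission": perm.group("perm").rstrip(".") if perm else None,
        })
    return events


if __name__ == "__main__":
    for c in find_crashes(SAMPLE_LOGCAT):
        print(f"crash  {c['process']} pid={c['pid']} {c['exception']} at {c['frame']}")
    for e in find_permission_events(SAMPLE_LOGCAT):
        print(f"perm   {e['tag']} pid={e['pid']} {e['reason']} {e['permission'] or ''}")
```

In practice the scanner runs on the output of `adb logcat -v threadtime` captured between sending one Intent and the next, so that each crash or denial can be attributed to the Intent that triggered it; a crash whose first frame lies in the target package (as with `OAuthActivity.onCreate` above) is the kind of runtime crash problem the paper reports.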