Vincenzo Chiaramida, F. Pinci, U. Buy, Rigel Gjomemo
{"title":"AppSeer: discovering flawed interactions among Android components","authors":"Vincenzo Chiaramida, F. Pinci, U. Buy, Rigel Gjomemo","doi":"10.1145/3243218.3243225","DOIUrl":null,"url":null,"abstract":"We identify several reliability issues arising from interactions between components of system-defined Android apps and components of third-party apps. These issues are generally caused by incorrect assumptions that system apps make about the behavior of third-party apps, resulting in significant vulnerabilities in system apps. For instance, it is possible for a third-party app to make many system applications to crash, including the Phone app used to make and receive phone calls, the Settings app used to configure a mobile device, and several other apps that expose a so-called started service. Our findings indicate that additional automated tools for integration testing and static analysis of Android apps are in order. Here we discuss AppSeer, a toolset that automatically detects vulnerabilities of system apps and third-party apps. Preliminary precision and recall results for AppSeer are quite encouraging.","PeriodicalId":324676,"journal":{"name":"Proceedings of the 1st International Workshop on Advances in Mobile App Analysis","volume":"63 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 1st International Workshop on Advances in Mobile App Analysis","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3243218.3243225","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
We identify several reliability issues arising from interactions between components of system-defined Android apps and components of third-party apps. These issues are generally caused by incorrect assumptions that system apps make about the behavior of third-party apps, resulting in significant vulnerabilities in system apps. For instance, it is possible for a third-party app to make many system applications to crash, including the Phone app used to make and receive phone calls, the Settings app used to configure a mobile device, and several other apps that expose a so-called started service. Our findings indicate that additional automated tools for integration testing and static analysis of Android apps are in order. Here we discuss AppSeer, a toolset that automatically detects vulnerabilities of system apps and third-party apps. Preliminary precision and recall results for AppSeer are quite encouraging.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
