Privilege Leakage and Information Stealing through the Android Task Mechanism
File version
Author(s)
Bai, G
Mao, J
Liang, Z
Cheng, W
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
Size
File type(s)
Location
Washington, USA
License
Abstract
To facilitate apps to collaborate in finish complex jobs, Android allows isolated apps to communicate through explicit interfaces. However, the communication mechanisms often give additional privilege to apps, which can be exploited by attackers. The Android Task Structure is a widely-used mechanism to facilitate apps' collaboration. Recent research has identified attacks to the mechanism, allowing attackers to spoof UIs in Android. In this paper, we present an analysis on the security of Android task structure. In particular, we analyze the system/app conditions that can cause the task mechanism to leak privilege. Furthermore, we identify new end-to-end attacks that enable attackers to actively interfere with victim apps to steal sensitive information. Based on our findings, we also develop atask interference checking app for exploits to the Android task structure.
Journal Title
Conference Title
Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017
Book Title
Edition
Volume
Issue
Thesis Type
Degree Program
School
Publisher link
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
Item Access Status
Note
Access the data
Related item(s)
Subject
Distributed computing and systems software
Persistent link to this record
Citation
Xiao, Y; Bai, G; Mao, J; Liang, Z; Cheng, W, Privilege Leakage and Information Stealing through the Android Task Mechanism, Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017, 2017, pp. 152-163