NIV-Detector: An Automated Approach for Detecting Next-Intent Security Vulnerability in Android Applications


Abstract

In Android inter-process communication, any component can start another public component using an Intent messaging object, regardless of whether the components belong to different processes or applications. Private components, in contrast, should be protected and accessible only from within the same process. However, a malicious application can breach this restriction and directly start private components from another process, causing a Next-Intent Vulnerability (NIV). The leading cause of NIV is launching an unsafe nested Intent sent by the malicious application. In this paper, we propose a new approach and implement a tool to automatically inspect NIV code smells. We integrate our tool, named NIV-Detector, with Android Studio as a plugin so that it is available at development time. We use NIV-Detector to inspect 100 Android GitHub projects. As a result, we successfully confirmed ten vulnerable projects with 14 NIV smells.
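The pattern described in the abstract, shown as an added example that is not taken from the paper or from NIV-Detector: a public activity that forwards a nested Intent unchecked, next to a version that validates the target first. The class name ForwardActivity, the extra key "next_intent" and the allowlisted com.example.app.HelpActivity are assumptions made for illustration.

```java
import android.app.Activity;
import android.content.ComponentName;
import android.content.Intent;
import android.os.Bundle;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Hypothetical public component: declared with android:exported="true".
public class ForwardActivity extends Activity {
    // Assumed extra key carrying the nested Intent (constructed for this example).
    static final String EXTRA_NEXT = "next_intent";

    // Hypothetical allowlist: the only activities this component may forward to.
    private static final Set<String> ALLOWED_TARGETS = new HashSet<>(
            Arrays.asList("com.example.app.HelpActivity"));

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // The nested Intent is fully controlled by whichever app sent the outer one.
        Intent next = getIntent().getParcelableExtra(EXTRA_NEXT);
        if (next != null) {
            launchChecked(next); // hardened path; launchUnchecked shows the smell
        }
        finish();
    }

    // NIV smell: the nested Intent is started with this app's identity, so it
    // can name a non-exported (private) component of this app and still succeed.
    void launchUnchecked(Intent next) {
        startActivity(next);
    }

    // Hardened: resolve the target first and forward only to allowlisted
    // activities inside this app's own package.
    void launchChecked(Intent next) {
        ComponentName target = next.resolveActivity(getPackageManager());
        if (target == null
                || !getPackageName().equals(target.getPackageName())
                || !ALLOWED_TARGETS.contains(target.getClassName())) {
            return; // drop anything that does not resolve to an expected target
        }
        // Rebuild the Intent so only the validated component is carried over.
        startActivity(new Intent().setComponent(target));
    }
}
```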

Publication
In the Ninth International Conference on Software Defined Systems
Zakarea Alshara
Associate Professor of Software Engineering

My research interests include Software Engineering, Software Security, AI, and Cloud Computing.