Privilege Leakage and Information Stealing through the Android Task Mechanism

Yinhao Xiao; Guangdong Bai; Jian Mao; Zhenkai Liang; Wei Cheng

doi:10.1109/PAC.2017.29

Privilege Leakage and Information Stealing through the Android Task Mechanism

Yinhao Xiao
, Guangdong Bai
, Jian Mao
, Zhenkai Liang
, Wei Cheng

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

7 Citations (Scopus)

Abstract

To facilitate apps to collaborate in finish complex jobs, Android allows isolated apps to communicate through explicit interfaces. However, the communication mechanisms often give additional privilege to apps, which can be exploited by attackers. The Android Task Structure is a widely-used mechanism to facilitate apps' collaboration. Recent research has identified attacks to the mechanism, allowing attackers to spoof UIs in Android. In this paper, we present an analysis on the security of Android task structure. In particular, we analyze the system/app conditions that can cause the task mechanism to leak privilege. Furthermore, we identify new end-to-end attacks that enable attackers to actively interfere with victim apps to steal sensitive information. Based on our findings, we also develop atask interference checking app for exploits to the Android task structure. © 2017 IEEE.

Original language	English
Title of host publication	Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017
Publisher	IEEE
Pages	152-163
Volume	2017-January
ISBN (Print)	9781538610275
DOIs	https://doi.org/10.1109/PAC.2017.29
Publication status	Published - 4 Dec 2017
Externally published	Yes
Event	1st IEEE Symposium on Privacy-Aware Computing, PAC 2017 - Washington, United States Duration: 1 Aug 2017 → 3 Aug 2017

Publication series

Name	Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017
Volume	2017-January

Conference

Conference	1st IEEE Symposium on Privacy-Aware Computing, PAC 2017
Place	United States
City	Washington
Period	1/08/17 → 3/08/17

Bibliographical note

Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].

Funding

This work was supported in part by the National Natural Science Foundation of China (No. 61402029), the National Natural Science Foundation of China (No. 61370190 and No. 61379002), Singapore Ministry of Education under NUS grant R-252-000-539-112.

Access Output

10.1109/PAC.2017.29

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Xiao, Y., Bai, G., Mao, J., Liang, Z., & Cheng, W. (2017). Privilege Leakage and Information Stealing through the Android Task Mechanism. In Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017 (Vol. 2017-January, pp. 152-163). (Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017; Vol. 2017-January). IEEE. https://doi.org/10.1109/PAC.2017.29

@inproceedings{f662fdf9a9aa4865a119bae44cd032d2,

title = "Privilege Leakage and Information Stealing through the Android Task Mechanism",

abstract = "To facilitate apps to collaborate in finish complex jobs, Android allows isolated apps to communicate through explicit interfaces. However, the communication mechanisms often give additional privilege to apps, which can be exploited by attackers. The Android Task Structure is a widely-used mechanism to facilitate apps' collaboration. Recent research has identified attacks to the mechanism, allowing attackers to spoof UIs in Android. In this paper, we present an analysis on the security of Android task structure. In particular, we analyze the system/app conditions that can cause the task mechanism to leak privilege. Furthermore, we identify new end-to-end attacks that enable attackers to actively interfere with victim apps to steal sensitive information. Based on our findings, we also develop atask interference checking app for exploits to the Android task structure. {\textcopyright} 2017 IEEE.",

author = "Yinhao Xiao and Guangdong Bai and Jian Mao and Zhenkai Liang and Wei Cheng",

note = "Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].; 1st IEEE Symposium on Privacy-Aware Computing, PAC 2017 ; Conference date: 01-08-2017 Through 03-08-2017",

year = "2017",

month = dec,

day = "4",

doi = "10.1109/PAC.2017.29",

language = "English",

isbn = "9781538610275",

volume = "2017-January",

series = "Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017",

publisher = "IEEE",

pages = "152--163",

booktitle = "Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017",

address = "United States",

}

Xiao, Y, Bai, G, Mao, J, Liang, Z & Cheng, W 2017, Privilege Leakage and Information Stealing through the Android Task Mechanism. in Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017. vol. 2017-January, Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017, vol. 2017-January, IEEE, pp. 152-163, 1st IEEE Symposium on Privacy-Aware Computing, PAC 2017, Washington, United States, 1/08/17. https://doi.org/10.1109/PAC.2017.29

Privilege Leakage and Information Stealing through the Android Task Mechanism. / Xiao, Yinhao; Bai, Guangdong; Mao, Jian et al.
Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017. Vol. 2017-January IEEE, 2017. p. 152-163 (Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017; Vol. 2017-January).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - Privilege Leakage and Information Stealing through the Android Task Mechanism

AU - Xiao, Yinhao

AU - Bai, Guangdong

AU - Mao, Jian

AU - Liang, Zhenkai

AU - Cheng, Wei

N1 - Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].

PY - 2017/12/4

Y1 - 2017/12/4

N2 - To facilitate apps to collaborate in finish complex jobs, Android allows isolated apps to communicate through explicit interfaces. However, the communication mechanisms often give additional privilege to apps, which can be exploited by attackers. The Android Task Structure is a widely-used mechanism to facilitate apps' collaboration. Recent research has identified attacks to the mechanism, allowing attackers to spoof UIs in Android. In this paper, we present an analysis on the security of Android task structure. In particular, we analyze the system/app conditions that can cause the task mechanism to leak privilege. Furthermore, we identify new end-to-end attacks that enable attackers to actively interfere with victim apps to steal sensitive information. Based on our findings, we also develop atask interference checking app for exploits to the Android task structure. © 2017 IEEE.

AB - To facilitate apps to collaborate in finish complex jobs, Android allows isolated apps to communicate through explicit interfaces. However, the communication mechanisms often give additional privilege to apps, which can be exploited by attackers. The Android Task Structure is a widely-used mechanism to facilitate apps' collaboration. Recent research has identified attacks to the mechanism, allowing attackers to spoof UIs in Android. In this paper, we present an analysis on the security of Android task structure. In particular, we analyze the system/app conditions that can cause the task mechanism to leak privilege. Furthermore, we identify new end-to-end attacks that enable attackers to actively interfere with victim apps to steal sensitive information. Based on our findings, we also develop atask interference checking app for exploits to the Android task structure. © 2017 IEEE.

UR - https://www.scopus.com/pages/publications/85046533078

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85046533078&origin=recordpage

U2 - 10.1109/PAC.2017.29

DO - 10.1109/PAC.2017.29

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 9781538610275

VL - 2017-January

T3 - Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017

SP - 152

EP - 163

BT - Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017

PB - IEEE

T2 - 1st IEEE Symposium on Privacy-Aware Computing, PAC 2017

Y2 - 1 August 2017 through 3 August 2017

ER -

Privilege Leakage and Information Stealing through the Android Task Mechanism

Abstract

Publication series

Conference

Bibliographical note

Funding

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this