Detecting the Privilege Escalation Vulnerabilities in Android Applications
Zhong Xing-qiu; Zeng Fan-ping; Cheng Zhi-chao; Xie Nian-nian; Qin Xiao-xia; Guo Shu-li; School of Computer Science and Technology, University of Science and Technology of China; Anhui Province Key Lab of Software in Computing and Communication
Android applications can communicate with each other and share data through the inter-component communication mechanism provided by Android. To protect the system, Android applications are not allowed to access sensitive APIs unless they hold the corresponding permissions. However, a malicious application can still call sensitive APIs indirectly by invoking components exposed by other applications. This leads to privilege escalation, i.e., applications without sensitive permissions can access sensitive APIs. The Android system is insecure if malicious applications make use of privilege escalation. In this paper, we propose a method based on inter-application taint flow analysis to detect privilege escalation vulnerabilities between two Android applications.
【Category Index】: TP309; TP316