AppSeer:发现Android组件之间有缺陷的交互

Proceedings of the 1st International Workshop on Advances in Mobile App Analysis Pub Date : 2018-09-04 DOI:10.1145/3243218.3243225

Vincenzo Chiaramida, F. Pinci, U. Buy, Rigel Gjomemo

{"title":"AppSeer:发现Android组件之间有缺陷的交互","authors":"Vincenzo Chiaramida, F. Pinci, U. Buy, Rigel Gjomemo","doi":"10.1145/3243218.3243225","DOIUrl":null,"url":null,"abstract":"We identify several reliability issues arising from interactions between components of system-defined Android apps and components of third-party apps. These issues are generally caused by incorrect assumptions that system apps make about the behavior of third-party apps, resulting in significant vulnerabilities in system apps. For instance, it is possible for a third-party app to make many system applications to crash, including the Phone app used to make and receive phone calls, the Settings app used to configure a mobile device, and several other apps that expose a so-called started service. Our findings indicate that additional automated tools for integration testing and static analysis of Android apps are in order. Here we discuss AppSeer, a toolset that automatically detects vulnerabilities of system apps and third-party apps. Preliminary precision and recall results for AppSeer are quite encouraging.","PeriodicalId":324676,"journal":{"name":"Proceedings of the 1st International Workshop on Advances in Mobile App Analysis","volume":"63 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"AppSeer: discovering flawed interactions among Android components\",\"authors\":\"Vincenzo Chiaramida, F. Pinci, U. Buy, Rigel Gjomemo\",\"doi\":\"10.1145/3243218.3243225\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We identify several reliability issues arising from interactions between components of system-defined Android apps and components of third-party apps. These issues are generally caused by incorrect assumptions that system apps make about the behavior of third-party apps, resulting in significant vulnerabilities in system apps. For instance, it is possible for a third-party app to make many system applications to crash, including the Phone app used to make and receive phone calls, the Settings app used to configure a mobile device, and several other apps that expose a so-called started service. Our findings indicate that additional automated tools for integration testing and static analysis of Android apps are in order. Here we discuss AppSeer, a toolset that automatically detects vulnerabilities of system apps and third-party apps. Preliminary precision and recall results for AppSeer are quite encouraging.\",\"PeriodicalId\":324676,\"journal\":{\"name\":\"Proceedings of the 1st International Workshop on Advances in Mobile App Analysis\",\"volume\":\"63 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-09-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 1st International Workshop on Advances in Mobile App Analysis\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3243218.3243225\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 1st International Workshop on Advances in Mobile App Analysis","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3243218.3243225","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

我们确定了系统定义的Android应用程序组件和第三方应用程序组件之间的交互产生的几个可靠性问题。这些问题通常是由系统应用对第三方应用行为的错误假设引起的，从而导致系统应用存在重大漏洞。例如，第三方应用程序可能会使许多系统应用程序崩溃，包括用于拨打和接听电话的Phone应用程序，用于配置移动设备的设置应用程序，以及其他几个公开所谓已启动服务的应用程序。我们的发现表明，用于Android应用集成测试和静态分析的额外自动化工具已经就位。这里我们讨论AppSeer，一个自动检测系统应用程序和第三方应用程序漏洞的工具集。AppSeer的初步精度和召回结果相当令人鼓舞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

AppSeer: discovering flawed interactions among Android components

We identify several reliability issues arising from interactions between components of system-defined Android apps and components of third-party apps. These issues are generally caused by incorrect assumptions that system apps make about the behavior of third-party apps, resulting in significant vulnerabilities in system apps. For instance, it is possible for a third-party app to make many system applications to crash, including the Phone app used to make and receive phone calls, the Settings app used to configure a mobile device, and several other apps that expose a so-called started service. Our findings indicate that additional automated tools for integration testing and static analysis of Android apps are in order. Here we discuss AppSeer, a toolset that automatically detects vulnerabilities of system apps and third-party apps. Preliminary precision and recall results for AppSeer are quite encouraging.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 1st International Workshop on Advances in Mobile App Analysis

自引率

0.00%

发文量