The Community for Technology Leaders
2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE) (2017)
Urbana, IL, USA
Oct. 30, 2017 to Nov. 3, 2017
ISBN: 978-1-5386-3976-4
pp: 252-262
Sungho Lee , KAIST, Korea
Sungjae Hwang , LG Electronics, Korea
Sukyoung Ryu , KAIST, Korea
ABSTRACT
Android supports seamless user experience by maintaining activities from different apps in the same activity stack. While such close inter-app communication is essential in the Android framework, the powerful inter-app communication contains vulnerabilities that can inject malicious activities into a victim app's activity stack to hijack user interaction flows. In this paper, we demonstrate activity injection attacks with a simple malware, and formally specify the activity activation mechanism using operational semantics. Based on the operational semantics, we develop a static analysis tool, which analyzes Android apps to detect activity injection attacks. Our tool is fast enough to analyze real-world Android apps in 6 seconds on average, and our experiments found that 1,761 apps out of 129,756 real-world Android apps inject their activities into other apps' tasks.
INDEX TERMS
Androids, Humanoid robots, Electronic mail, Smart phones, Semantics, Malware
CITATION

S. Lee, S. Hwang and S. Ryu, "All about activity injection: Threats, semantics, and detection," 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE), Urbana, IL, USA, 2017, pp. 252-262.
doi:10.1109/ASE.2017.8115638
304 ms
(Ver 3.3 (11022016))