Detecting Passive Content Leaks and Pollution in Android Applications

Author(s): Yajin Zhou, Xuxian Jiang

Download: Paper (PDF)

Date: 23 Apr 2013

Document Type: Presentations

Additional Documents: Slides

Associated Event: NDSS Symposium 2013

Abstract:

We systematically study two vulnerabilities in open content provider components of Android applications. The first vulnerability can be exploited to disclose various types of private in-app data while the second one can be leveraged to manipulate them and potentially cause serious side-effects.  Our evaluation with 62,519 Android applications shows that 2.3% of them are susceptible to these two vulnerabilities.