COVERT: Compositional Analysis of Android Inter-App Permission Leakage

Author(s): Hamid Bagheri, Alireza Sadeghi, Joshua Garcia, Sam Malek
Venue: IEEE Transactions on Software Engineering
Date: 1 Sep 2015

Data Collection Method: Observation


Android is an incredibly versatile mobile operating system that allows inter-process communication (IPC). Android’s system for IPC leverages a set of Application Components which are the building blocks to access to the Android framework such as an Activity, Service, Broadcast Receiver, and Content Provider. IPC between these Application Components uses a system of registered Intent Filters, specifying exactly the type of message an application is known to handle. Within a single application, Android can enforce a strict policy of permissions by requiring each application to explicitly state used permission in its manifest. However, no such enforcement exist for permission requests between two applications through IPC and Intent Filters. For example, one application which is not granted the permission to make an expensive phone call may try and leverage another application which does and exploit the 2nd application’s granted permission for its own use.

This paper explains a system called COVERT to statically detect these IPC exploits on compiled Android applications. COVERT contains a model extract capable of path analysis to determine exactly which applications are maliciously abusing granted permissions of other applications. COVERT begins by extracting information from the manifest regarding requested permissions and statically analyzes where the application will make use of particular Intent API’s to launch IPC. It then analyzes the Intent Filters of the vulnerable application and uses different method path techniques to determine if the vulnerable application takes the appropriate measures to check if the calling Intent also has the required permission to a particular API call. If the vulnerable application fails to make the proper check, COVERT graphs this path in its model extraction to notify the caller of malicious activity. When executed on a small segment of application stores such Google Play F-Droid, COVERT was able to detect an average of 5 exploits per bundle analyzed.