Title: HOW TO VIOLATE ANDROID’S PERMISSION SYSTEM WITHOUT VIOLATING IT

Year of Publication: 2013
Page Numbers: 18-25
Authors: Kyoung Soo Han, Yeoreum Lee, Biao Jiang, Eul Gyu Im
Conference Name: The Third International Conference on Digital Information Processing and Communications (ICDIPC2013)
- United Arab Emirates

Abstract:


Android uses permissions for application security management. Android also allows inter-application communication (IAC) which enables cooperation between different applications to perform complex tasks and is a major feature that differentiates Android from its competitors. However, IAC also facilitates malicious applications to collude in an attack of privilege escalation. In this paper, we demonstrate by case studies that all IAC channels can be potentially utilized for privilege escalation attacks, and propose refinement to solve this problem by taking IAC as permissions and exposing IAC to users.