On Shielding Android’s Pending Intent from Malware Apps Using a Novel Ownership-Based Authentication

Abstract

PendingIntent (PI) is an authority to use the sender’s permissions and identity by the receiver. Unprotected broadcast and PI s with an empty base intent are some of the vulnerable features that a malware utilizes to perform unauthorized access and privilege escalation (PE) attacks on the PI. To protect the PI from the above attacks, this paper proposes Sticky[Formula: see text]tent, an application-layer solution that uses ownership-based authentication to dynamically control the accessibility of the PI. Sticky[Formula: see text]tent is the first holistic work to use ownership-types to protect PI s from malware attacks. Some of the existing solutions follow static analysis of binary to identify the PI vulnerability. Through our empirical study using 23,922 apps, we found [Formula: see text]17% of PI-based vulnerabilities leads to unauthorized access and privilege escalation, which can be solved by using Sticky[Formula: see text]tent. We tested our model on the state-of-art applications and found an impressive harmonic mean (F1-score) value of 0.95–0.97 for intra and inter component analysis, which is 0.4–0.18 percentage more from the existing RAICC’s (a static analysis model instrumented with IccTA/Amandroid) result. As a proof-of-concept, we have taken a few real-world PI-based applications and replaced the PI with Sticky[Formula: see text]tent library. By comparing the result with RAICC, we can see that Sticky[Formula: see text]tent performs better in protecting PI dynamically from malware access. Though the proposed solution has an overhead of 0.005% per 5[Formula: see text]min application test, the end-user suffers only negligible execution overhead in the screen response and notification delays.