Highly Precise and Efficient Analysis of PendingIntent Vulnerabilities for Android Apps

Te expanding development of android applications is partially due to the communication model, named inter-component communication (ICC) model. PendingIntent (PI) is a powerful feature that is used for ICC. Many android developers use PI in their apps, but if it is used insecurely, it can pose risks and result in diferent types of attacks like denial of service, privilege escalation, and data leakage. Hence, it is crucial to detect vulnerabilities related to PI before android apps are released on Android app stores. In this paper, a new PI-related vulnerability is introduced, which is detected by the proposed method in addition to the vulnerabilities pointed out in other methods. In addition, the proposed method that is based on static analysis takes less time than other methods to detect the vulnerabilities. For evaluation, we compare the proposed method with PIAnalyzer tool. Results on 51 application benchmarks show that the proposed method detects the new PI-related vulnerability that is not detected by PIAnalyzer. Also, the proposed method detects vulnerabilities 27% faster than PIAnalyzer. © 2024 Azadeh Sarvazimi et al.