Android Inter-Component Communication Analysis
Android has been one of the most popular platforms for smart phones,which has reached a 81.2% share in the mobile-phone market. Withsmart phones being ubiquitous, hackers are most likely to attack themto catch privacy of users. php projects titles ideas 2019 Android applications (also called Androidapps) have been proved the effective target.Google Play store hasprovided billions of Android apps, but unfortunately, the advancehas a dark side because security cannot be ensured by many Androidapps. Hence, more and more attention has been paid to Androidmalware. Taint flow analysis has been proved an effective approachto providing potential malicious data flows. It aims at determiningwhether a sensitive data flows from asourceto asink. The analysiscan be executed either dynamically or statically. Dynamic taintanalysis  relies on testing to reach a appropriate code coveragecriterion. It is able to precisely pinpoint leaks, but may be incompletein exploring all possible executing paths. In contrast, static analysistakes all the possible paths for consideration. But most of the staticanalyses available for Android apps [1,3] are inner-component basedanalysis which are unable to detect leaks across-components.Even though most of the privacy leaks happen in a single com-ponent, lots of inter-components privacy leaks have been reported.Thus, inner-component taint analysis is not enough to detect leaks.Efforts have also been devoted to implement static analysis for An-droid to supply us with a relatively satisfactory outcome. Amongthem, Inter-Component Communication (ICC)  analysis playsimportant roles since ICC values can facilitate a precise consequent.However, the current ICC analyses only consider ICC links be-tween components where reuse and revision of an Intent across-component are not considered. Thus, lots of potential leaks willescape from being tracked in the succeeding ICC leak detection.With this motivation, in this paper, we devote to ICC analysis onreused and revised Intents. To do so, first, ICC values are analyzedby taking reused and revised Intents into account. With this basis,target components of Intents are analyzed and ICC Graphs are built.On an ICCG, all the ICC flows, which are useful in tracking leaksacross-components, are contained. This will lay a critical foundationto the succeeding taint flow analysis. The proposed approach hasbeen implemented in a tool called ICC-Analyzer (ICCA) where IC3is integrated in for providing ICC values of the Intents which are notreused or revised.
Our approach is to analyse ICC values of Intents including thereusedandrevisedones. For clarity, first, we defineReused IntentsandRevised Intents: (1) An Intent is called a reused Intent if it isacquired by the ICC methodgetIntent()outside the componentwhere it is created; (2) Whenever a reused Intent is modified, it iscalled a revised Intent. The phenomenon that an Intent is reusedacross-component is calledIntent Reuse(IR) and the circumstancethat a reused Intent is revised across-component is denoted asInter-Component Intent Revision(ICIR). To characterize communicationsbetween components, an ICC linkl:m→Chas been defined tolink two components with an Intent. Heremis an ICC method inthe source component andCis the target component. In the targetcomponent, after being caught by methodgetIntent(),itispossible that the Intent is revised, which cannot be tracked by theexisting ICC leak detecting tools, such that we can exploit it to startanother component.The framework of our approach is shown in Figure 1. Our aim is toanalyse ICC values of Intents including thereusedandrevisedones,and construct the ICC graphs eventually. As known to all, an Androidapp runs on Dalvik virtual machine. Thus, we first convert the Dalvikbytecode of an app to an intermediate representation namely Jimplewith Soot . Then, with the obtained Jimple files and the bytecodeof the app, IC3 is employed to infer the involved ICC methodsand ICC values of Intents excluding thereusedandrevisedones. https://codeshoppy.com/php-projects-titles-topics.html Further, based on the acquired information, the Jimple programsare instrumented such that ICC values ofreusedandrevised Intentsare able to be precisely acquired by reusing IC3. When all the ICCvalues are obtained, target components of Intents can be inferredsubsequently. Finally, ICCG are constructed where a complete setof ICC flows are contained.
To acquire ICC values ofreusedandrevised Intents, Jimple codeof the app is instrumented such that IC3 can be reused for achievingour goal. In Android apps, methodgetIntent()is utilized toreuse an Intent which already occurs in another component. An In-tent as well as all its reuses share the same memory block physically.Thus, they cannot be analyzed individually. Otherwise, the obtainedICC values will be inaccurate. To acquire accurate ICC values ofreusedandrevised Intentswith the help of IC3, in the component where the Intent is reused, an extra static field is added to create anew Intent. Afterwards, we should promote it succeed in making allthereused Intentspoint to the newly created Intent. Even thoughinstrumenting Jimple in this way will change the semantics of theoriginal program, it is helpful in making IC3 be able to acquire themodified ICC values of thereused Intent. To do that, for each newlycreated Intenti, we first acquire the set of componentsCwhereIntentiis reused or revised. Then, each of the componentc∈Cisinstrumented by:(1)Generating a new static field by inserting “static IntentmyIntent=new Intent()” inside the component; and(2) replacing “getIntent()” with “myIntent”.We just use “myIntent” to indicate the newly introduced Intent.