Detecting and Defending against Inter-App Permission Leaks in Android Apps

Cited by: 0
Authors
He, Yi [1 ]
Li, Qi [1 ]
Affiliations
[1] Tsinghua Univ, Dept Comp Sci, Grad Sch Shenzhen, Beijing, Peoples R China
Source
2016 IEEE 35TH INTERNATIONAL PERFORMANCE COMPUTING AND COMMUNICATIONS CONFERENCE (IPCCC) | 2016
Funding
National Natural Science Foundation of China; National Key Research and Development Program of China;
Keywords
Inter-Component Communication; Permission Leaks; Static Analysis; Android Security;
DOI
Not available
CLC classification
TP3 [Computing technology, computer technology];
Subject classification code
0812;
Abstract
Android encourages inter-app interactions and facilitates functionality reuse by providing flexible inter-component communication (ICC) among apps. Components in apps can communicate with other components within a single app or across different apps. However, through this mechanism, components may leak permissions either carelessly or maliciously. Unfortunately, the current app-level permission model in Android cannot prevent such permission leaks incurred by inter-app communication. Simple permission enforcement is not sufficient, as it cannot differentiate between normal permission usage and malicious permission usage (i.e., permission leakage). Therefore, users are required to grant permissions to apps during app installation, which may lead to permission mismanagement. In this paper, we propose IntentChecker, a lightweight mechanism that aims to detect permission leakage. IntentChecker defends against permission leakage attacks by adding an authorization extension to the ICC mechanism and automatically generating patches for vulnerable apps. We evaluate IntentChecker with two benchmarks, i.e., DroidBench and ICCBench, and with 4031 real-world apps. IntentChecker finds 324 apps that include at least one permission leak. We verify the effectiveness of the defense mechanism with 10 apps randomly selected from the vulnerable apps, which demonstrates that it is effective in preventing inter-app permission leakage.
Pages: 7