The intent mechanism of the Android platform is a powerful message-passing system that allows data to be shared among components and applications. Nevertheless, it can also serve as an entry point for security attacks if employed incautiously. Attacks can easily be sent through intents to components, which can indirectly forward them to other components, and so on. In this context, this chapter proposes a model-based security testing approach that attempts to detect data vulnerabilities in Android applications. In other words, this approach generates test cases to check whether components are vulnerable to attacks, sent through intents, that expose personal data. Our method takes as input Android applications and intent-based vulnerabilities formally expressed with models called vulnerability patterns. Then, and this is the originality of our approach, partial specifications are automatically generated from Android applications with algorithms reflecting the Android documentation. These specifications avoid false positives and refine test verdicts. A tool called APSET is presented and evaluated with tests on some Android applications.