At present, the Android system has occupied 70% of the market share of the mobile phone system, and Android applications have grown exponentially because of this. The number of apps available in Google Play alone has reached 2.68 million. However, according to related reports, 63% of Android applications have security vulnerabilities, and an average of 39 vulnerabilities exist in each application. These vulnerabilities can cause denial of service attacks at least, and user privacy leakage at worst. Therefore, security researchers have conducted a lot of research on Android vulnerabilities. Among them, the security vulnerabilities related to Intent have been a focus because Intent is an important carrier of the Android ICC (inter-component communication) mechanism. Researchers have proposed many analysis tools to automatically analyze vulnerabilities related to Intent. However, due to the characteristics of some analysis tools and the complex principles of some vulnerabilities (such as the Intent redirection vulnerability and the PendingIntent vulnerability studied in this thesis), existing tools cannot analyze these vulnerabilities accurately and efficiently. Therefore, based on research into the relevant vulnerability principles, this thesis proposes sliceDroid, a data flow analysis tool based on program slicing. This tool can accurately and efficiently scan for the vulnerabilities studied in this thesis, and can also scan for other vulnerabilities according to user-defined rules.

This thesis first conducts an in-depth study of two Intent-related security vulnerabilities, namely the Intent redirection vulnerability and the PendingIntent vulnerability. We analyze their principles, harms, and repair methods, as well as the shortcomings of existing tools. Based on these, this thesis proposes a data flow analysis tool, sliceDroid, based on program slicing. SliceDroid can decompile APK files, read user-defined vulnerability rules, and perform data flow analysis on the decompiled code to track whether a variable calls some key functions or to analyze the specific values of constants. After the analysis is completed, the relevant results are output for subsequent analysis by users. Using this tool, we scanned applications in the third-party market as well as pre-installed applications and found many real vulnerabilities. We manually verified the vulnerabilities of the pre-installed applications and reported 11 vulnerabilities to the corresponding vendors. All the vulnerabilities were confirmed, and two of them were awarded CNVD numbers (CNVD-2021-10296 and CNVD-2021-00644).