Write a Blog >>
Fri 13 Nov 2020 08:03 - 08:04 at Virtual room 2 - Mobile

The Android ecosystem offers different facilities to enable communication among app components and across apps to ensure that rich services can be composed through functionality reuse. At the heart of this system is the Inter-component communication (ICC) scheme, which has been largely studied in the literature. Less known in the community is another powerful mechanism that allows for direct inter-app code invocation which opens up for different reuse scenarios, both legitimate or malicious. This paper exposes the general workflow for this mechanism, which beyond ICCs, enables app developers to access and invoke functionalities (either entire Java classes, methods or object fields) implemented in other apps using official Android APIs. We experimentally showcase how this reuse mechanism can be leveraged to “plagiarize" supposedly-protected functionalities. Typically, we were able to leverage this mechanism to bypass security guards that a popular video broadcaster has placed for preventing access to its video database from outside its provided app. We further contribute with a static analysis toolkit, named DICIDer, for detecting direct inter-app code invocations in apps. An empirical analysis of the usage prevalence of this reuse mechanism is then conducted. Finally, we discuss the usage contexts as well as the implications of this studied reuse mechanism.

Fri 13 Nov
Times are displayed in time zone: (UTC) Coordinated Universal Time change

08:00 - 08:02
Talk
Research Papers
Yutian TangShanghaiTech University, Yulei SuiUniversity of Technology Sydney, Haoyu WangBeijing University of Posts and Telecommunications, Xiapu LuoHong Kong Polytechnic University, China, Hao ZhouHong Kong Polytechnic University, China, Zhou XuChongqing University, China
DOI
08:03 - 08:04
Talk
Research Papers
Jun GaoUniversity of Luxembourg, Luxembourg, Li LiMonash University, Australia, Pingfan KongUniversity of Luxembourg, Luxembourg, Tegawendé F. BissyandéUniversity of Luxembourg, Luxembourg, Jacques KleinUniversity of Luxembourg, Luxembourg
DOI Pre-print Media Attached
08:05 - 08:06
Talk
Student Research Competition
Zamira KholmatovaInnopolis University, Russia
DOI
08:07 - 08:08
Talk
Journal First
Li LiMonash University, Australia, Tegawendé F. BissyandéUniversity of Luxembourg, Luxembourg, Jacques KleinUniversity of Luxembourg, Luxembourg
08:09 - 08:10
Talk
Research Papers
Linjie PanInstitute of Software at Chinese Academy of Sciences, China, Baoquan CuiInstitute of Software at Chinese Academy of Sciences, China, Hao LiuBeijing University of Technology, China, Jiwei YanInstitute of Software at Chinese Academy of Sciences, China, Siqi WangBeijing University of Technology, China, Jun YanInstitute of Software at Chinese Academy of Sciences, China, Jian ZhangInstitute of Software at Chinese Academy of Sciences, China
DOI
08:11 - 08:30
Talk
Paper Presentations
Jun GaoUniversity of Luxembourg, Luxembourg, Li LiMonash University, Australia, Linjie PanInstitute of Software at Chinese Academy of Sciences, China, Yutian TangShanghaiTech University, Zamira KholmatovaInnopolis University, Russia, M: David LoSingapore Management University