Potential privacy vulnerabilities in android data sharing between applications

Taenam Cho; Seung Hyun Seo; Seungjoo Kim

Potential privacy vulnerabilities in android data sharing between applications

Taenam Cho, Seung Hyun Seo, Seungjoo Kim

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

Abstract

High-performance smartphones have enabled people to accomplish diverse types of work thanks to apps which provide unprecedented portability and convenience. Unlike PCs, smartphones are constantly on and connected with the Internet via WiFi or mobile communication networks. Nonetheless, such convenience also sets up an environment favorable for attackers as well, possibly leading to the leakage of user sensitive information in real-time. In this paper, we analyzed the vulnerabilities of ContentProviders, and how it is able to leak the data of other apps. In order to show the risk of illegal leakage of personal data stored in other apps, we created a proof-of-concept malicious application by using the potential vulnerabilities which may be exploited by attackers. Then, we proposed countermeasures to address the vulnerabilities of ContentProviders.

Original language	English
Pages (from-to)	1517-1531
Number of pages	15
Journal	Information (Japan)
Volume	17
Issue number	4
Publication status	Published - 2014 Apr

Keywords

Android
Content Provider
Data sharing
Malware
Security

ASJC Scopus subject areas

Information Systems

Cite this

@article{23231a1b310448d3a94aa3fe268bd152,

title = "Potential privacy vulnerabilities in android data sharing between applications",

abstract = "High-performance smartphones have enabled people to accomplish diverse types of work thanks to apps which provide unprecedented portability and convenience. Unlike PCs, smartphones are constantly on and connected with the Internet via WiFi or mobile communication networks. Nonetheless, such convenience also sets up an environment favorable for attackers as well, possibly leading to the leakage of user sensitive information in real-time. In this paper, we analyzed the vulnerabilities of ContentProviders, and how it is able to leak the data of other apps. In order to show the risk of illegal leakage of personal data stored in other apps, we created a proof-of-concept malicious application by using the potential vulnerabilities which may be exploited by attackers. Then, we proposed countermeasures to address the vulnerabilities of ContentProviders.",

keywords = "Android, Content Provider, Data sharing, Malware, Security",

author = "Taenam Cho and Seo, {Seung Hyun} and Seungjoo Kim",

year = "2014",

month = apr,

language = "English",

volume = "17",

pages = "1517--1531",

journal = "Information (Japan)",

issn = "1343-4500",

publisher = "International Information Institute",

number = "4",

}

TY - JOUR

T1 - Potential privacy vulnerabilities in android data sharing between applications

AU - Cho, Taenam

AU - Seo, Seung Hyun

AU - Kim, Seungjoo

PY - 2014/4

Y1 - 2014/4

N2 - High-performance smartphones have enabled people to accomplish diverse types of work thanks to apps which provide unprecedented portability and convenience. Unlike PCs, smartphones are constantly on and connected with the Internet via WiFi or mobile communication networks. Nonetheless, such convenience also sets up an environment favorable for attackers as well, possibly leading to the leakage of user sensitive information in real-time. In this paper, we analyzed the vulnerabilities of ContentProviders, and how it is able to leak the data of other apps. In order to show the risk of illegal leakage of personal data stored in other apps, we created a proof-of-concept malicious application by using the potential vulnerabilities which may be exploited by attackers. Then, we proposed countermeasures to address the vulnerabilities of ContentProviders.

AB - High-performance smartphones have enabled people to accomplish diverse types of work thanks to apps which provide unprecedented portability and convenience. Unlike PCs, smartphones are constantly on and connected with the Internet via WiFi or mobile communication networks. Nonetheless, such convenience also sets up an environment favorable for attackers as well, possibly leading to the leakage of user sensitive information in real-time. In this paper, we analyzed the vulnerabilities of ContentProviders, and how it is able to leak the data of other apps. In order to show the risk of illegal leakage of personal data stored in other apps, we created a proof-of-concept malicious application by using the potential vulnerabilities which may be exploited by attackers. Then, we proposed countermeasures to address the vulnerabilities of ContentProviders.

KW - Android

KW - Content Provider

KW - Data sharing

KW - Malware

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=84902676777&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:84902676777

SN - 1343-4500

VL - 17

SP - 1517

EP - 1531

JO - Information (Japan)

JF - Information (Japan)

IS - 4

ER -

Potential privacy vulnerabilities in android data sharing between applications

Abstract

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this