Abstract
Data sharing is one of the main Inter-Process Communication (IPC) mechanisms that allows the components of Android applications to interact. The Content Provider is one of the four primary app components, which provides the capability to share data between app components. However, unsafe implementation of this component and exploiting it can lead to various security issues such as passive data leak and content pollution. Despite the plethora of studies on Android app security analysis, yet there is a basic need for approaches that can analyze apps and identify the data sharing issues. To fill this gap, in this paper, a model-based static analysis approach is proposed that receives an Android application and extracts a domain-specific model from the app to perform various app analyses, including security analysis, functionality analysis, and performance analysis. This model includes the security aspects of the app, particularly the information related to the Content Providers and Uniform Resource Identifiers (URIs). The proposed approach is evaluated to examine the extent to which this approach leads to purposeful high-level representations from Android apps. The results indicate that the comprehensive and high-level representations generated from apps are practical to check the presence of data sharing issues in Android applications.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
