On Shielding Android's Pending Intent from Malware Apps Using a Novel Ownership-Based Authentication

Pendinglntent (PI) is an authority to use the sender's permissions and identity by the receiver. Unprotected broadcast and PI s with an empty base intent are some of the vulnerable features that a malware utilizes to perform unauthorized access and privilege escalation (PE) attacks on the PI. To protect the PI from the above attacks, this paper proposes Sticky mu tent, an application-layer solution that uses ownership-based authentication to dynamically control the accessibility of the PI. Sticky mu tent is the first holistic work to use ownership-types to protect PI s from malware attacks. Some of the existing solutions follow static analysis of binary to identify the PI vulnerability. Through our empirical study using 23,922 apps, we found similar to 17% of PI-based vulnerabilities leads to unauthorized access and privilege escalation, which can be solved by using Sticky mu tent. We tested our model on the state-of-art applications and found an impressive harmonic mean (F1-score) value of 0.95-0.97 for intra and inter component analysis, which is 0.4-0.18 percentage more from the existing RAICC's (a static analysis model instrumented with IccTA/Amandroid) result. As a proof-of-concept, we have taken a few real-world PI-based applications and replaced the PI with Sticky mu tent library. By comparing the result with RAICC, we can see that Sticky mu tent performs better in protecting PI dynamically from malware access. Though the proposed solution has an overhead of 0.005% per 5 min application test, the end-user suffers only negligible execution overhead in the screen response and notification delays.