On Shielding Android's Pending Intent from Malware Apps Using a Novel Ownership-Based Authentication

PendingIntent (PI) is an authority to use the sender's permissions and identity by the receiver. Unprotected broadcast and PI s with an empty base intent are some of the vulnerable features that a malware utilizes to perform unauthorized access and privilege escalation (PE) attacks on the PI. To protect the PI from the above attacks, this paper proposes Stickyμtent, an application-layer solution that uses ownership-based authentication to dynamically control the accessibility of the PI. Stickyμtent is the first holistic work to use ownership-types to protect PI s from malware attacks. Some of the existing solutions follow static analysis of binary to identify the PI vulnerability. Through our empirical study using 23,922 apps, we found ∼17% of PI-based vulnerabilities leads to unauthorized access and privilege escalation, which can be solved by using Stickyμtent. We tested our model on the state-of-art applications and found an impressive harmonic mean (F1-score) value of 0.95-0.97 for intra and inter component analysis, which is 0.4-0.18 percentage more from the existing RAICC's (a static analysis model instrumented with IccTA/Amandroid) result. As a proof-of-concept, we have taken a few real-world PI-based applications and replaced the PI with Stickyμtent library. By comparing the result with RAICC, we can see that Stickyμtent performs better in protecting PI dynamically from malware access. Though the proposed solution has an overhead of 0.005% per 5min application test, the end-user suffers only negligible execution overhead in the screen response and notification delays.