Surreptitious sharing on Android
Authors
Abstract
Many email and messaging applications on Android use the Intent API for sharing images, videos, and documents. Android standardizes Intents for sending and Intent Filters for receiving content. Instead of sending entire files, such as videos, via this API, applications exchange only URIs pointing to the actual storage position. In this paper we evaluate applications with regard to a security vulnerability that allows privilege escalation and data leakage and that is related to the handling of URIs using the file scheme. We analyze a vulnerability called Surreptitious Sharing and present two scenarios showing how it can be exploited in practice. Based on these scenarios, 4 email and 8 messaging applications have been analyzed in detail. We found that 8 out of 12 applications are vulnerable. Guidelines on how to properly handle file access on Android and a fix for the discussed vulnerability are attached.
Similar resources
Applied Project: The Collection of Information for Emergency Management: an Android Client with Web
Sharing emergency or disaster information in a timely manner is very important to people's life. With more and more people carrying a smart phone on daily basis, an emergency and disaster information sharing system accessible to smart phone users is necessary and could be very useful. This project is to construct a disaster and emergency information website that allows smart phone users to uplo...
WorldCupinion: Experiences with an Android App for Real- Time Opinion Sharing during World Cup Soccer Games
Mobile devices are increasingly used in social networking applications. So far, there is little work on real-time emotion and opinion sharing in large loosely-coupled user communities. We present an Android app for giving realtime feedback during soccer games and to create ad hoc fan groups. We discuss our experiences with deploying this app over four weeks during 2010 soccer world cup. We high...
WorldCupinion Experiences with an Android App for Real-Time Opinion Sharing During Soccer World Cup Games
Mobile devices are increasingly used in social networking applications and research. So far, there is little work on realtime emotion or opinion sharing in large loosely coupled user communities. One potential area of application is the assessment of widely broadcasted television (TV) shows. The idea of connecting non-collocated TV viewers via telecommunication technologies is referred to as So...
Mobile Torrent: Peer-To-Peer File Sharing In Android Devices
Peer-to-peer file sharing is very popular on the Internet. But, to use it, one has to be connected to the Internet and it incurs significant data cost. We are developing an android application for peer-to-peer file sharing named “Mobile Torrent” using which files can be shared between smartphones within a campus without using the Internet. Each application user can share files and can register ...
Infrastructure-Less Communication Platform for Off-The-Shelf Android Smartphones
As smartphones and other small portable devices become more sophisticated and popular, opportunities for communication and information sharing among such device users have increased. In particular, since it is known that infrastructure-less device-to-device (D2D) communication platforms consisting only of such devices are excellent in terms of, for example, bandwidth efficiency, efforts are bei...