Detecting Vulnerabilities of Broadcast Receivers in Android Applications

As being a representative mobile operating system in the world, Android OS has been part of users’ daily life. Unfortunately, the rapid expansion of Android third-markets introduces malware aiming at Android applications at an alarming rate, which poses great threats to its users. Current research about the privacy leakage in Android mostly focuses on Activity, Service and Content Providers. Little attention has been paid to the vulnerability of Broadcast Receiver, which is expected to assist intercomponent collaboration and facilitate component reutilization. In this thesis, we first present a detailed analysis on vulnerabilities of Broadcast Receiver. Then, we design and develop a Broadcast Receiver Vulnerability Detection (BRVD) system that examines such vulnerabilities, using a combination of semantic analysis and taint analysis. Furthermore, we perform experimental evaluation by analyzing 55 applications from Android third-markets using the proposed system; and 132 registered receivers are found with 11 vulnerable receivers being verified.