ORCID: https://orcid.org/0009-0003-0877-4852 und Kinder, Johannes ORCID: https://orcid.org/0000-0002-8594-7839
(2023):
Poster: Privacy Risks from Misconfigured Android Content Providers.
CCS '23: ACM SIGSAC Conference on Computer and Communications Security, Copenhagen Denmark, November 26 - 30, 2023.
Meng, Weizhi; Jensen, Christian; Cremers, C. J. F. und Kirda, Engin (Hrsg.):
In: CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security,
New York, NY, United States: Association for Computing Machinery. S. 3579-3581
Abstract
Android applications record and process personal user data, and they can share it among each other throughcontent providers. While the access is protected through multiple mechanisms, unintentional misconfigurations can allow an attacker to access or modify private application data. In this work, we study how content providers protect private data in a systematic study on 14.4 million Android apps. We identify potentially vulnerable apps by using static analysis to successively reduce the set of target apps. Using a custom attack app, we can confirm data leakage in practice and successfully access privacy-sensitive information. We conclude that this points to an inherent problem in designing secure Android applications and discuss possible mitigations.
| Dokumententyp: | Konferenzbeitrag (Paper) |
|---|---|
| Fakultät: | Mathematik, Informatik und Statistik > Informatik |
| Themengebiete: | 000 Informatik, Informationswissenschaft, allgemeine Werke > 004 Informatik |
| ISBN: | 979-8-4007-0050-7 |
| Ort: | New York, NY, United States |
| Sprache: | Englisch |
| Dokumenten ID: | 121932 |
| Datum der Veröffentlichung auf Open Access LMU: | 04. Nov. 2024 13:59 |
| Letzte Änderungen: | 04. Nov. 2024 13:59 |
- Dokument bearbeiten
