A Model-Based Approach for Representing Data Sharing Mechanism in Android Applications
Abstract
Data sharing is one of the main Inter-Process Communication (IPC) mechanisms that allow the components of Android applications to interact. The Content Provider, one of the four primary app components, provides the capability to share data between app components. However, an unsafe implementation of this component can be exploited, leading to various security issues such as passive data leak and content pollution. Despite the plethora of studies on Android app security analysis, there is still a basic need for approaches that can analyze apps and identify data sharing issues. To fill this gap, this paper proposes a model-based static analysis approach that receives an Android application and extracts a domain-specific model from the app to perform various app analyses, including security analysis, functionality analysis, and performance analysis. This model includes the security aspects of the app, particularly the information related to the Content Providers and Uniform Resource Identifiers (URIs). The proposed approach is evaluated to examine the extent to which it produces purposeful high-level representations of Android apps. The results indicate that the comprehensive, high-level representations generated from apps are practical for checking the presence of data sharing issues in Android applications. © 2022 IEEE.
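
As an added illustration (not the paper's tool or its domain-specific model), the sketch below builds a much simpler provider model from a decoded AndroidManifest.xml and flags exported Content Providers that lack read or write permissions, the conditions behind passive data leak and content pollution. The sample manifest, package names and function names are constructed for this example, and a missing android:exported attribute is assumed to mean "not exported" (the default from API level 17).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (decoded text form), not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <application>
    <provider android:name=".NotesProvider"
              android:authorities="com.example.notes.provider"
              android:exported="true"/>
    <provider android:name=".SettingsProvider"
              android:authorities="com.example.notes.settings"
              android:exported="true"
              android:readPermission="com.example.notes.READ"/>
    <provider android:name=".CacheProvider"
              android:authorities="com.example.notes.cache;com.example.notes.tmp"
              android:exported="false"/>
  </application>
</manifest>"""


def attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def extract_provider_model(manifest_xml):
    """Return one dict per <provider>: name, content URIs, exposure, findings."""
    root = ET.fromstring(manifest_xml.strip())
    model = []
    for p in root.iter("provider"):
        # Assumption: a missing android:exported means not exported (API 17+).
        exported = attr(p, "exported") == "true"
        base = attr(p, "permission")  # applies to both read and write
        read_perm = attr(p, "readPermission") or base
        write_perm = attr(p, "writePermission") or base
        findings = []
        if exported and not read_perm:
            findings.append("passive data leak: readable without permission")
        if exported and not write_perm:
            findings.append("content pollution: writable without permission")
        auths = (attr(p, "authorities") or "").split(";")
        uris = ["content://" + a for a in auths if a]
        model.append({"name": attr(p, "name"), "uris": uris,
                      "exported": exported, "findings": findings})
    return model


if __name__ == "__main__":
    for entry in extract_provider_model(SAMPLE_MANIFEST):
        print(entry["name"], entry["uris"], entry["findings"] or "ok")
```

A manifest-only model like this ignores path-level permissions, URI grants and the provider's own code, so its findings are candidates for review rather than confirmed issues.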