Where Does Your Intent Go and How It Behaves? A Robustness Study of Intent Reachability and Handling in Android Systems

Abstract

In Android systems, inter-process communication relies heavily on intent, which can be understood as a message between apps. However, (i)intents can be hijacked when they are transmitted from senders to receivers. Even if received securely, due to developer's underestimation of intent data complexity, (ii)intents can cause exceptions in their receivers. An app is at the risk of losing response, and even crashing if it fails to handle the exceptions properly.

To deal with the two potential problems above, we added an Android framework-layer module to reject the installation of suspicious apps that may hijack intents during transmission. In addition, we proposed and implemented FuzzingDroid, a utility tool that generates various relevant intents to fuzz test publicly-accessible intent receivers in apps. The tool is important because it helps developers detect the weakness of their incoming intent handling code before they release their apps. At its core, FuzzingDroid relies on our instrumented Android framework-layer module to generate the variant parts in fuzzing intents. The outcome of using FuzzingDroid is pretty good: after analyzing 47 highly-downloaded apps from Google Play Store, 46 highly-downloaded apps from other popular online app markets, 45 core system apps from LG Nexus 5 and 32 core system apps from XiaoMi phone respectively, we found 49 of the total 170 apps were crashed due to various intent handling deficiencies. FuzzingDroid is also a very efficient tool. It takes about 1 minute to fuzz an app completely with only 5% increase in CPU utilization and 24MB increase in memory utilization.