iOS vs Android: Security of Inter-App Communication

Holmberg, Albin

January 2022

Android and iOS are the world leading mobile operating systems in today’s growing market of handheld devices. Third-party applications are an important aspect of these systems but can also provide an attack-vector for exploiting other installed applications. Previous studies have shown that the Android inter- app communication (IAC) mechanism Intent can be used for causing harm to other apps. In contrast, research involving iOS app communication have been sparse because of the closed nature of the iOS ecosystem. One of the previous studies showed the possibility of using Android Intents for hijacking and forging payments between a company application providing payments via the Swedish payment application Swish and their App2App API. This study extends this previous work by creating an artifact that performs the same exploit on the iOS platform. iOS uses a URL-scheme for opening and sending data between applications. This mechanism is used for creating the communication between apps and finding out if payment information sent via the URL- scheme can be hijacked instead of arriving at the intended Swish application. The experiences drawn from the exploit were used in combination with the previous work to find differences between the IAC mechanisms. Finally, a literature study is presented with the latest mitigation techniques for IAC vulnerabilities.

iOS Security

Android Security

URL-scheme Hijack

Intent Hijack

Swish

Software Engineering

Programvaruteknik

Security Enhancement of Secure USB Debugging in Android System

Xu, Mingzhe

January 2014

No description available.

Computer Science

Android Security

Android Debug Bridge

Secure USB Debugging

Smart Phone Security

Aplikace pro Android na bezpečnostní monitorování komunikace / Android App for Security Monitoring of Communication

Klepáčková, Karolína

January 2019

This diploma thesis is focused on implementation of application for security monitoring of network communication of other applications in mobile device with Android platform. Provides users information about security risks that may harm his/her privacy or device. It uses a local VPN to tunnel all data sent to the wireless network. These can be linked to an application that has sent them because the Android kernel is derived from the Linux kernel and can be used to retrieve information about established network connections and the application identifier associated with the connection. This mapping allows to get more information about an app that is potentially dangerous for your mobile device.

Zabezpečený přenos dat pomocí čarových kódů / Secure data transmition using bar codes

Kratochvíl, Martin

January 2011

The goal of this thesis was to create a system for visual data transmition using bar codes. It focuses mainly on the protection of the system against abuse. A mechanism was designed for the data transmition itself and the various security concepts. The most appropriate bar code for data transmition was selected on the basis of the analysis.

Security Vetting Of Android Applications Using Graph Based Deep Learning Approaches

Poudel, Prabesh

02 June 2021

No description available.

Computer Science

android security vetting

sequence of API calls

capsule graph neural network

android

deep learning

static analysis

Caractérisation et détection de malware Android basées sur les flux d'information. / Characterization and detection of Android malware based on information flows

Andriatsimandefitra Ratsisahanana, Radoniaina

15 December 2014

Les flux d’information sont des transferts d’information entre les objets d’un environnement donné. À l’échelle du système, pour toute information appartenant à une application donnée, les flux impliquant cette information décrivent comment l’application propage ses données dans le système et l’ensemble de ces flux peut ainsi être considéré comme un profil comportemental de l’application. À cause du nombre croissant d’applications malveillantes, il est devenu nécessaire d’explorer des nouvelles techniques permettant de faciliter voir automatiser l’analyse et la détection de malware. Dans cette thèse, nous proposons ainsi une méthode pour caractériser et détecter les malware Android en nous basant sur les flux d’information qu’ils causent dans le système. Cette méthode repose sur deux autres contributions de la thèse : AndroBlare, la version Android d’un moniteur de flux d’information du nom de Blare, et les graphes de flux système, une structure de donnée représentant de manière compacte et humainement compréhensible les flux d’information observés. Nous avons évalué avec succès notre approche en construisant le profil de 4 malware différents et avons montré que ces profils permettaient de détecter l’exécution d’applications infectées par les malware dont on a un profil. / : Information flows are information exchanges between objects in a given environment. At system level, information flows involving data belonging to a given application describe how this application disseminates its data in the system and can be considered as behaviour based profile of the application. Because of the increasing number of Android malware, there is an urgent need to explore new approaches to analyse and detect Android malware. In this thesis, we thus propose an approach to characterize and detect Android malware based on information flows they cause in the system. This approach leverages two other contributions of the thesis which are AndroBlare, the Android version of an information flow monitor named Blare, and the system flow graph, a data structure to represent in a compact and human readable way the information flows observed by AndroBlare. We successfully evaluated our approach by building the profile of 4 different malware and showed that these profiles permitted to detect the execution of applications infected by malware for which we have computed a profile.

Malware Android

Analyse dynamique de malware

Sécurité Android

Suivi de flux d’information

Détection de malware

Android malware

Dynamic analysis of Android malware

Android security

Dynamic information flow tracking

Malware detection

378.242

Mechanismy zabezpečení OS Android s využitím jazyka Kotlin / Security mechanisms of OS Android utilizing the Kotlin language

Balaževič, Lukáš

January 2020

Mobilné zariadenia sú v rámci technologickej histórie novinka a pri technológii, ktorá sa vyvíja tak rapídnym tempom a rastom používania je nutné dbať na zabezpečenie. Táto diplomová práca sa zaoberá rozborom bezpečnostných mechanizmov používaných v Android OS a komunikáciou medzi OS Android a vzdialeným serverom. Cieľom je preskúmať tieto mechanizmy a otestovať aké kryptografické metódy a postupy je najvýhodnejšie používať z hľadiska bezpečnosti s ohľadom na efektivitu. Tieto znalosti boli použité pre vytvorenie demonštračného systému, ktorý využíva vybrané zabezpečovacie mechanizmy a kryptografické postupy.

Technologie NFC a její zabezpečení / NFC technology and its security

Mertlík, Tomáš

January 2013

The first objective of this paper is to describe the Android operating system. The chapter presents history and architecture regarding to all versions of the operating system. The significant part of chapter is focused on security. The second main topic of this paper is analysing the NFC (Near Field Communication) technology. This technology is based on an older contactless system RFID (Radio Frequency Communication), so RFID is described either. The NFC technology chapter contains the description of usability, history and the definitions of physical layer, link layer and NDEF (NFC Data Exchange) data format, used for data transmitting. The next chapter is focusing on the analysis of the NFC vulnerability. It contains a possible attacks methods and solutions how to prevent them. The output of this paper is the projection and creation of an application, which allow sending an arbitrary data between two devices using the NFC technology. Additional Bluetooth technology can be used for larger files. In this case, NFC helps to create Bluetooth communication channel which is utilized for data transfer.

Using Near-Field Communication (NFC) to Improve Messaging Privacy on Android OS / Using Near-Field Communication (NFC) to Improve Messaging Privacy on Android OS

Karmazín, Jaromír

January 2016

V této práci vytváříme jednoduchý systém pro rychlou textovou komunikaci (IM), který využívá technologii Near-Field Communication (NFC) ke zlepšení bezpečnosti a soukromí. V první části zkoumáme samotnou technologii NFC. Poté se věnujeme možnostem NFC v operačním systému Android pro chytrá mobilní zařízení a také existujícím aplikacím, které tyto možnosti využívají. Rovněž zkoumáme nejmodernější přístup k bezpečnému IM, zejména Signal Protocol a jeho open-source implementaci pro Android. Dále pak navrhujeme IM systém, který používá Signal Protocol pro šifrování zpráv a NFC pro výměnu kryptografického materiálu, aniž by vyžadoval použití telefonních čísel nebo důvěryhodnou třetí stranu. Nakonec předkládáme vzorovou implementaci klientské i serverové aplikace a zhodnocení vlastností tohoto systému z hlediska soukromí a bezpečí.

Dynamická úprava bezpečnostní politiky na platformě Android / Dynamic Security Policy Enforcement on Android

Vančo, Matúš

January 2016

This work proposes the system for dynamic enforcement of access rights on Android. Each suspicious application can be repackaged by this system, so that the access to selected private data is restricted for the outer world. The system intercepts the system calls using Aurasium framework and adds an innovative approach of tracking the information flows from the privacy-sensitive sources using tainting mechanism without need of administrator rights. There has been designed file-level and data-level taint propagation and policy enforcement based on Android binder.