Return to search

iOS vs Android: Security of Inter-App Communication

Android and iOS are the world leading mobile operating systems in today’s growing market of handheld devices. Third-party applications are an important aspect of these systems but can also provide an attack-vector for exploiting other installed applications. Previous studies have shown that the Android inter- app communication (IAC) mechanism Intent can be used for causing harm to other apps. In contrast, research involving iOS app communication have been sparse because of the closed nature of the iOS ecosystem. One of the previous studies showed the possibility of using Android Intents for hijacking and forging payments between a company application providing payments via the Swedish payment application Swish and their App2App API. This study extends this previous work by creating an artifact that performs the same exploit on the iOS platform. iOS uses a URL-scheme for opening and sending data between applications. This mechanism is used for creating the communication between apps and finding out if payment information sent via the URL- scheme can be hijacked instead of arriving at the intended Swish application. The experiences drawn from the exploit were used in combination with the previous work to find differences between the IAC mechanisms. Finally, a literature study is presented with the latest mitigation techniques for IAC vulnerabilities.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:miun-45908
Date January 2022
CreatorsHolmberg, Albin
PublisherMittuniversitetet, Institutionen för data- och systemvetenskap
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0023 seconds