Open AccessSecurity Threats Caused by Public Event Callback in Android Application
Author(s) -
Chenkai Guo,
Jingwen Zhu,
Xiaoyu Yan,
Yan Li
Publication year - 2020
Publication title -
journal of physics. conference series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/1453/1/012127
Subject(s) - callback , android (operating system) , computer security , computer science , event (particle physics) , threat model , public security , internet privacy , operating system , political science , physics , quantum mechanics , programming language , public administration
The feature of event-driven acts as a key role that makes Android application differentiate from traditional PC software. Since many of those events are hardly predicted and could not be observed by other applications, attackers are similarly impossible to engage corresponding attacks by finding the vulnerabilities of such an event-driven mechanism. However, of various kinds of events offered by either user or system, there are still events that can be received by more than one application and further, which could offer important basic resources to predict specific behaviours of targeted application. In this paper, we aim to analyse potential security threats inside them and demonstrate typical kinds of proof-of-concept attack examples. Apart from that, the critical mechanism-public event callback (PEC) that may cause the threat is firstly modelled and studied, where its four main parts are introduced in detail.