Android application component hijacking vulnerability detection method and system and related device

Abstract

The Android application component hijacking vulnerability detection method comprises: after it is judged that a sending component indirectly calls a receiving component through a medium component, checking whether the sending component and the medium component call a storage data type function to transmit data or not; if yes, recording a first key value set corresponding to the data type functioncalled and stored by the sending component and a second key value set corresponding to the data type function called and stored by the medium component respectively; judging whether the first key value set and the second key value set have the same target key value or not; and if yes, determining that the application component hijacking vulnerability exists. The Android application component hijacking vulnerability detection method does not need to detect the Android application component hijacking vulnerability only when the receiving component calls the system API with permission protection, is irrelevant to whether the receiving component calls the system API or not, and can detect the Android application component hijacking vulnerability more universally. The invention further provides an Android application component hijacking vulnerability detection system and device and a computer readable storage medium which all have the above beneficial effects.

Description

technical field [0001] This application relates to the field of Android application component hijacking vulnerability detection, in particular to a method, system, device and computer-readable storage medium for Android application component hijacking vulnerability detection. Background technique [0002] The android application consists of 4 types of basic components, including Activity (activity), Service (service), Broadcast receiver (broadcast receiver), content provider (content provider). [0003] Intent is the main medium of inter-component communication (ICC) in android applications. ICC methods such as startActivity(intent), startService(intent), and sendBroadcast(intent) can start Activity and Service, or send broadcast messages to Broadcast receiver. [0004] Intent contains both explicit and implicit. The explicit Intent specifies the receiving component, so the Intent will be sent to a specified component; the components that can receive the implicit Intent are...

AI Technical Summary

Problems solved by technology

The reason for the android application component hijacking problem is that the sending component calls the target component by using an implicit intent, and data leakage or even data tampering is caused by an unexpected component receiving the intent.

[0005] For the detection of android application component hijacking vulnerabilities, although there are already cross-application detection methods, they are still limited to only when the receiving component calls the system API with permission protection (such as sending text message method sendtextmessage()) to detect the vulnerability problem , for some methods that do not use these permissions, it cannot be detected, that is, it cannot be applied to a variety of application scenarios, and the universality is low

Images