Security testing of second order permission re-delegation vulnerabilities in Android apps

In Android, inter-app communication is a cornerstone feature where apps exchange special messages called Intents in order to integrate with each other and deliver a rich end-user experience. In particular, in case an app is granted special permission, it can dispatch privileged Intents to request sensitive tasks to system components. However, a malicious app might hijack a defective privileged app and exploit it as a proxy, to forward attacking Intents to system components. We call this threat "Second Order Permission Re-delegation" vulnerability. In this paper, we present (i) a detailed description of this novel vulnerability and (ii) our approach based on static analysis and automated test cases generation to detect (and document) instances of this vulnerability. We empirically evaluated our approach on a large set of top Google Play apps. Results suggest that this novel vulnerability is neglected by state of the art, but that it is common even among popular apps. In fact, our approach found 27 real vulnerabilities with fast analysis time, while a state-of-the-art static analysis tool could find none of them.