ARF

Over the past decade, the security of the Android platform has undergone significant scrutiny by both academic and industrial researchers. This scrutiny has been largely directed towards third-party applications and a few critical system interfaces, leaving much of Android’s middleware unstudied. Building upon recent efforts to more rigorously analyze authorization logic in Android’s system services, we revisit the problem of permission re-delegation, but in the context of system service entry points. The Android Re-delegation Finder (ARF) analysis framework aids security analysts in the identification of permission re-delegation vulnerabilities within Android’s system services. ARF analyzes an interconnected graph of entry points in system services, deriving calling dependencies, annotating permission checks, and identifying potentially vulnerable deputies that improperly expose information or functionality to third-party applications.
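The sketch below illustrates the kind of graph analysis described above. It is an added example, not ARF's code or its actual algorithm. The service names, permission names, and call graph are constructed, and it assumes that only the deputy's own permission checks are enforced against the third-party caller.

```python
from collections import deque

# Constructed sample data (hypothetical services and permissions, not real Android APIs).
# Each entry point maps to the set of permissions it checks before doing work.
CHECKS = {
    "LocationProxy.getLastFix": set(),
    "LocationCore.readFix": {"PERM_FINE_LOCATION"},
    "AccountsUi.listNames": {"PERM_GET_ACCOUNTS"},
    "AccountsCore.query": {"PERM_GET_ACCOUNTS"},
    "NetStats.summary": {"PERM_READ_STATS"},
    "NetPolicy.dump": {"PERM_READ_STATS", "PERM_MANAGE_POLICY"},
    "Telemetry.report": set(),
}
# Calling dependencies between entry points: caller -> callees.
CALLS = {
    "LocationProxy.getLastFix": ["LocationCore.readFix"],
    "AccountsUi.listNames": ["AccountsCore.query"],
    "Telemetry.report": ["NetStats.summary"],
    "NetStats.summary": ["NetPolicy.dump"],
}

def find_redelegations(checks, calls):
    """Return (deputy, target, missing_permissions, path) for each candidate.

    Assumption: a callee's checks pass under the deputy's identity, so a
    third-party caller only has to satisfy the deputy's own checks.
    """
    findings = []
    for deputy in sorted(checks):
        seen = {deputy}
        queue = deque([(deputy, [deputy])])
        while queue:
            node, path = queue.popleft()
            for callee in calls.get(node, []):
                if callee in seen:  # guard against call cycles
                    continue
                seen.add(callee)
                new_path = path + [callee]
                # Permissions the target demands that the deputy never checks.
                missing = checks.get(callee, set()) - checks[deputy]
                if missing:
                    findings.append((deputy, callee, sorted(missing), new_path))
                queue.append((callee, new_path))
    return findings

if __name__ == "__main__":
    for deputy, target, missing, path in find_redelegations(CHECKS, CALLS):
        print(f"{deputy} reaches {target} without {missing}: {' -> '.join(path)}")
```

Each finding is only a candidate for manual review: whether a deputy actually exposes the target's information or functionality depends on what it returns or does on the caller's behalf.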

Publications

Downloading the Source Code

The source code for ARF is available on GitHub.

Required Input Files Examples

This section will be updated when the source code for ARF is released.

Output Data Examples

This section will be updated when the source code for ARF is released.

Running ARF

This section will be updated when the source code for ARF is released.