SecComp: Towards Practically Defending Against Component Hijacking in Android Applications

TL;DR

This paper proposes SecComp, a proactive in-app security library for Android that helps developers prevent component hijacking through mandatory access control and customizable policies, aiming for practical deployment and low performance impact.

Contribution

It introduces SecComp, a novel in-app security library with practical policies for preventing component hijacking in Android apps, shifting from reactive to proactive defense.

Findings

SecComp effectively prevents component hijacking with low overhead.

Customizable policies enhance security flexibility for developers.

Prototype demonstrates practical feasibility in real-world scenarios.

Abstract

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By hijacking a vulnerable component in victim apps, an attack app can escalate its privilege for originally prohibited operations. Many prior studies have been performed to understand and mitigate this issue, but component hijacking remains a serious open problem in the Android ecosystem due to no effective defense deployed in the wild. In this paper, we present our vision on practically defending against component hijacking in Android apps. First, we argue that to fundamentally prevent component hijacking, we need to switch from the previous mindset (i.e., performing system-level control or repackaging vulnerable apps after they are already released) to a more proactive version that aims to help security-inexperienced developers make secure components in the first place. To this end, we propose to embed into apps a secure component library (SecComp), which performs in-app mandatory access control on behalf of app components. An important factor for SecComp to be effective is that we find it is possible to devise a set of practical in-app policies to stop component hijacking. Furthermore, we allow developers design custom policies, beyond our by-default generic policies, to support more fine-grained access control. We have overcome challenges to implement a preliminary SecComp prototype, which stops component hijacking with very low performance overhead. We hope the future research that fully implements our vision can eventually help real-world apps get rid of component hijacking.