Assessing the Security of Inter-App Communications in Android through
Reinforcement Learning
Abstract
A central aspect of the Android platform is Inter-Component
Communication (ICC), which enables the reuse of functionality across
apps and components via message passing. While a powerful feature, ICC
still constitutes a serious attack surface. This paper addresses the
issue of generating exploits for a subset of Android ICC vulnerabilities
(i.e., IDOS, XAS, and FI) through static analysis, Deep Reinforcement
Learning-based dynamic analysis and software instrumentation. Our
approach, called RONIN, achieves better results than state-of-the-art
and baseline tools, in the number of exploited vulnerabilities.