Computing Reviews

IntentFuzzer: detecting capability leaks of Android applications
Yang K., Zhuge J., Wang Y., Zhou L., Duan H. ASIA CCS 2014 (Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, Kyoto, Japan, Jun 4-6, 2014), 531-536, 2014. Type: Proceedings
Date Reviewed: 07/31/14

Preserving the confidentiality of private data on mobile devices is currently a major security concern. For this reason, Android requires an application (app) to explicitly obtain permissions at installation time in order to access private data. Nevertheless, Android apps can communicate with each other through intents. Therefore, an app that lacks a permission may still obtain confidential data by sending an intent to an app that holds that permission, if the receiving app performs the privileged operation without checking whether the caller holds the permission as well.

IntentFuzzer automatically tests Android apps to detect whether, when an app receives an intent, it exercises some of its permissions without checking that the sending app holds them. In this way, it can detect whether an app that does not request a permission could access confidential data through another app. The system is very simple and relies on existing tools, but it investigates a novel security threat that has not yet been studied in depth. The tool was applied to a large number of apps, and it found hundreds that leak capabilities through intents. These experiments show that many applications are vulnerable to this type of attack, a major security issue for mobile devices.
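As an added illustration (not code from the paper or from the IntentFuzzer tool), the following hypothetical Android service shows the kind of capability leak the tool is designed to surface, followed by a hardened form of the same component. The package, class, action and extra names, and the manifest fragments quoted in comments, are all assumptions made for the example.

```java
// Added illustration, not code from the paper or from the IntentFuzzer tool.
// Package, class, action and extra names are hypothetical.
package com.example.leaky;

import android.Manifest;
import android.app.Service;
import android.content.Intent;
import android.database.Cursor;
import android.os.IBinder;
import android.provider.ContactsContract;

import java.util.ArrayList;

/*
 * Vulnerable form. The hosting app declares
 *   <uses-permission android:name="android.permission.READ_CONTACTS"/>
 * and exposes this service in its manifest as
 *   <service android:name=".ContactsDumpService" android:exported="true">
 *       <intent-filter>
 *           <action android:name="com.example.leaky.DUMP_CONTACTS"/>
 *       </intent-filter>
 *   </service>
 * (before API level 31 a component with an <intent-filter> is exported by
 * default even without android:exported, which is how many such leaks arise).
 * Any app on the device, holding no permissions at all, can start it and then
 * receive the contact list, because neither the entry point nor the result
 * broadcast is gated on READ_CONTACTS: the READ_CONTACTS capability leaks.
 */
public class ContactsDumpService extends Service {
    public static final String ACTION_DUMP = "com.example.leaky.DUMP_CONTACTS";
    public static final String ACTION_RESULT = "com.example.leaky.CONTACTS_RESULT";
    public static final String EXTRA_NAMES = "names";

    @Override
    public IBinder onBind(Intent intent) {
        return null; // started service only, no binding
    }

    @Override
    public int onStartCommand(Intent intent, int flags, int startId) {
        if (intent != null && ACTION_DUMP.equals(intent.getAction())) {
            // Note: Binder.getCallingUid() / checkCallingPermission() cannot fix
            // this here. onStartCommand runs on the main thread outside any
            // Binder transaction, so they report the service's own identity.
            // The caller check has to come from the manifest (see hardened form).
            ArrayList<String> names = readContactNames();
            Intent result = new Intent(ACTION_RESULT)
                    .putStringArrayListExtra(EXTRA_NAMES, names);
            sendBroadcast(result); // delivered to every registered receiver
        }
        stopSelf(startId);
        return START_NOT_STICKY;
    }

    // Uses the hosting app's READ_CONTACTS permission.
    protected ArrayList<String> readContactNames() {
        ArrayList<String> names = new ArrayList<>();
        String[] projection = { ContactsContract.Contacts.DISPLAY_NAME };
        Cursor c = getContentResolver().query(
                ContactsContract.Contacts.CONTENT_URI, projection, null, null, null);
        if (c == null) return names;
        try {
            int col = c.getColumnIndexOrThrow(ContactsContract.Contacts.DISPLAY_NAME);
            while (c.moveToNext()) names.add(c.getString(col));
        } finally {
            c.close();
        }
        return names;
    }
}

/*
 * Hardened form: same behaviour, but the capability is no longer leaked.
 * 1. Gate the entry point in the manifest so the system refuses startService()
 *    from any caller that does not itself hold READ_CONTACTS:
 *   <service android:name=".GuardedContactsDumpService"
 *            android:exported="true"
 *            android:permission="android.permission.READ_CONTACTS"> ... </service>
 * 2. Gate the result path too, so a receiver registered by an unprivileged app
 *    never sees the data even if step 1 is misconfigured.
 */
class GuardedContactsDumpService extends ContactsDumpService {
    @Override
    public int onStartCommand(Intent intent, int flags, int startId) {
        if (intent != null && ACTION_DUMP.equals(intent.getAction())) {
            Intent result = new Intent(ACTION_RESULT)
                    .putStringArrayListExtra(EXTRA_NAMES, readContactNames());
            // Only receivers whose app holds READ_CONTACTS get this broadcast.
            sendBroadcast(result, Manifest.permission.READ_CONTACTS);
        }
        stopSelf(startId);
        return START_NOT_STICKY;
    }
}
```

An unprivileged app triggers the vulnerable form with an explicit intent, `startService(new Intent(ACTION_DUMP).setClassName("com.example.leaky", "com.example.leaky.ContactsDumpService"))`, and a receiver registered for `ACTION_RESULT`. Against the hardened form the same `startService()` call throws a `SecurityException` at dispatch, and the result broadcast is never delivered to a receiver whose app lacks `READ_CONTACTS`. A fuzzer in the spirit of IntentFuzzer sends such intents to every exported component of an installed app and records which of the app's own permissions are exercised in response without any corresponding check on the caller.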

While this work does not introduce a new theoretical approach, it does integrate existing methods and tools into a comprehensive system. It represents an important milestone in understanding the current limits of the Android permission system. Experts in software engineering, particularly in static and dynamic analysis, may therefore find in this paper new hints and new scenarios in which to apply formal methods to improve the security of mobile apps. In particular, IntentFuzzer detects that a capability leaks, but not whether, or which, private data is actually leaked through it. Closing that gap would be a natural follow-up to this work.

Reviewer:  Pietro Ferrara Review #: CR142570 (1411-0968)

Reproduction in whole or in part without permission is prohibited.   Copyright 2024 ComputingReviews.com™