DINA: Detecting Hidden Android Inter-App Communication in Dynamic Loaded Code
IEEE Transactions on Information Forensics and Security (IF 6.3), Pub Date: 2020-02-28, DOI: 10.1109/tifs.2020.2976556
Mohannad Alhanahnah, Qiben Yan, Hamid Bagheri, Hao Zhou, Yutaka Tsutano, Witawas Srisa-An, Xiapu Luo

Android inter-app communication (IAC) allows apps to request functionalities from other apps, which has been extensively used to provide a better user experience. However, IAC has also become an enticing target for attackers to launch malicious activities. Dynamic class loading (DCL) and reflection are effective features to enhance the functionality of the apps. In this paper, we expose a new attack that leverages these features in conjunction with inter-app communication to conceal malicious attacks with the ability to bypass existing security mechanisms. To counteract such attacks, we present DINA, a novel hybrid analysis approach for identifying malicious IAC behaviors concealed within dynamically loaded code through reflective/DCL calls. DINA appends reflection and DCL invocations to control-flow graphs and continuously performs incremental dynamic analysis to detect the misuse of reflection and DCL that obfuscates malicious Intent communications. DINA utilizes string analysis and inter-procedural analysis to resolve hidden IAC and achieves superior detection performance. Our extensive evaluation on 49,000 real-world apps corroborates the prevalent usage of reflection and DCL, and reveals previously unknown and potentially harmful, hidden IAC behaviors in real-world apps.

Updated: 2020-02-28