Android is currently the most widespread operating system (OS) worldwide, but also the most prone to attacks. Despite the challenges faced by Industry and Academia to improve the Android OS security, it still has several vulnerabilities. Among those, the severity of the Next-Intent Vulnerability (NIV) can be immediately grasped. Android apps are made of components, which by default are private and cannot be targeted by other apps on the same phone. However, NIV allows any app to access the private components of a different app, eventually generating a crash or stealing sensitive data. NIV occurs when there is a chain of calls among different components based on the Intent messaging model and there is no control over the reliability of the first component triggering the call. NIV was first detected in 2013, but it is still an open issue. In this paper, we present Next-Intent Vulnerability Detector (\(\mathcal {N}\hbox {I}\mathcal {V}\hbox {D}\)), a novel approach to detect NIV in Android apps by relying on type systems. \(\mathcal {N}\hbox {I}\mathcal {V}\hbox {D}\) applies the inference rules of its type system to the app execution paths containing a sequence of calls to three NIV-related Android APIs. Compared to the state-of-the-art, \(\mathcal {N}\hbox {I}\mathcal {V}\hbox {D}\) is faster and more efficient, without losing precision in detecting NIV. Finally, through \(\mathcal {N}\hbox {I}\mathcal {V}\hbox {D}\) Google Photos was found to be vulnerable, and we disclosed the finding on the Google official bug report website (issue number 124342801).

Android目前是全球范围内最广泛的操作系统（OS），但也最容易受到攻击。尽管行业和学术界在提高Android OS安全性方面面临挑战，但它仍然存在一些漏洞。其中，可以立即掌握下一个意图漏洞（NIV）的严重性。Android应用程序由组件组成，这些组件默认情况下是私有的，并且不能被同一部手机上的其他应用程序作为目标。但是，NIV允许任何应用访问其他应用的私有组件，最终导致崩溃或窃取敏感数据。当基于Intent的不同组件之间存在一系列调用时，就会发生NIV消息传递模型，并且无法控制触发呼叫的第一个组件的可靠性。NIV于2013年首次被发现，但仍然是一个未解决的问题。在本文中，我们介绍了下一个意图漏洞检测器（\（\ mathcal {N} \ hbox {I} \ mathcal {V} \ hbox {D} \）），这是一种依靠检测Android应用中NIV的新颖方法类型系统。\（\ mathcal {N} \ hbox {I} \ mathcal {V} \ hbox {D} \） 将其类型系统的推理规则应用于应用执行路径，该路径包含对三个与NIV相关的Android API的一系列调用。与最新技术相比，\（\ mathcal {N} \ hbox {I} \ mathcal {V} \ hbox {D} \） 更快，更有效，而不会丢失检测NIV的精度。最后，通过\（\ mathcal {N} \ hbox {I} \ mathcal {V} \ hbox {D} \） Google相册被发现容易受到攻击，我们在Google官方错误报告网站（发行号124342801）上披露了此发现。