An Empirical Analysis of Hazardous Uses of Android Shared Storage
IEEE Transactions on Dependable and Secure Computing (IF 7.0), Pub Date: 2021-01-01, DOI: 10.1109/tdsc.2018.2889486
Shaoyong Du, Pengxiong Zhu, Jingyu Hua, Zhiyun Qian, Zhao Zhang, Xiaoyu Chen, Sheng Zhong

Android shared storage is shared with all the applications (apps for short) and the user. It is common to see a large number of apps store different kinds of files on it. It is well known that apps granted the read or write permission can freely access any file in the shared storage. As a consequence, the shared storage has been demonstrated to expose sensitive information and jeopardize users' privacy. In this paper, we systematically study a simple but overlooked threat related to the shared storage: the lack of input validation (e.g., integrity verification) when consuming files on the shared storage. We argue that untrusted input from the shared storage is a much more ubiquitous problem. By undertaking an empirical study with a static analysis tool we develop, we find that over 30 percent of the 13,746 analyzed popular apps on the market suffer from such problems. By investigating the types of files consumed, we find, shockingly, that a large fraction of apps store and consume sensitive files, which allows us to construct end-to-end attacks. Considering the ubiquity of this class of vulnerabilities, we finally define better access control policies for external storage to eliminate them for most apps.
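The abstract's core point is that a file read back from shared storage must be treated as untrusted input and checked (for example, for integrity) before it is consumed. The following is an added example, not code from the paper or its authors, of what such a check looks like on the consuming side. It assumes a layout the paper does not specify: the app writes each protected file together with a sidecar "<name>.mac" holding an HMAC-SHA256 tag, and the HMAC key is loaded from app-private storage (here simply a byte array generated in main). The class and method names are this example's own.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (not from the paper): a file read from shared storage is only
// consumed after its HMAC-SHA256 tag verifies. The key is assumed to live in
// app-private storage; the tag sits in a sidecar "<name>.mac" next to the data.
public final class SharedStorageVerifier {
    private static final String ALG = "HmacSHA256";

    private final SecretKeySpec key;

    public SharedStorageVerifier(byte[] privateKeyBytes) {
        this.key = new SecretKeySpec(privateKeyBytes, ALG);
    }

    // Tag over the raw bytes of the data file.
    private byte[] tag(byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        mac.init(key);
        return mac.doFinal(data);
    }

    // Writer side: store the file together with its tag.
    public void writeProtected(Path dataFile, byte[] contents)
            throws IOException, GeneralSecurityException {
        Files.write(dataFile, contents);
        Files.write(sidecar(dataFile), tag(contents));
    }

    // Reader side: return the contents only if the tag verifies, otherwise throw
    // so the caller never parses tampered data. MessageDigest.isEqual compares
    // in constant time.
    public byte[] readVerified(Path dataFile)
            throws IOException, GeneralSecurityException {
        byte[] data = Files.readAllBytes(dataFile);
        byte[] storedTag = Files.readAllBytes(sidecar(dataFile));
        if (!MessageDigest.isEqual(tag(data), storedTag)) {
            throw new SecurityException("integrity check failed for " + dataFile);
        }
        return data;
    }

    private static Path sidecar(Path dataFile) {
        return dataFile.resolveSibling(dataFile.getFileName() + ".mac");
    }

    // Demo on a temp directory standing in for shared storage: the untouched
    // file is accepted, a file rewritten by another process is rejected.
    public static void main(String[] args) throws Exception {
        byte[] keyBytes = new byte[32];
        new SecureRandom().nextBytes(keyBytes); // real app: load from app-private storage
        SharedStorageVerifier v = new SharedStorageVerifier(keyBytes);

        Path dir = Files.createTempDirectory("shared-storage-demo");
        Path cfg = dir.resolve("config.json"); // constructed sample file
        v.writeProtected(cfg, "{\"updateUrl\":\"https://example.invalid/update\"}"
                .getBytes(StandardCharsets.UTF_8));
        System.out.println("accepted: " + new String(v.readVerified(cfg), StandardCharsets.UTF_8));

        // Simulate another app with write permission modifying the file in place.
        Files.write(cfg, "{\"updateUrl\":\"http://tampered.invalid/update\"}"
                .getBytes(StandardCharsets.UTF_8));
        try {
            v.readVerified(cfg);
            System.out.println("BUG: tampered file accepted");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Two caveats follow from the threat model in the abstract. The sidecar tag lives on the same writable storage as the data, so any other app can overwrite it too; the check holds only because the key never leaves app-private storage, so a rewritten file cannot be paired with a valid tag. A plain MAC also does not detect rollback (replacing the file and its tag with an older, genuinely signed pair), so files whose freshness matters need a version or timestamp inside the authenticated bytes. Where the data does not need to be shared at all, keeping it in app-private storage removes the problem outright, which is the direction of the access control policies the paper proposes.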

Last updated: 2021-01-01