You are here

Measuring the Insecurity of Mobile Deep Links of Android

Event date: 
Thursday, 19 April, 2018 - 16:00
Speaker: 
Biniam Fisseha Demissie
Title: Measuring the Insecurity of Mobile Deep Links of Android
Authors: Fang Liu, Chun Wang, Andres Pico, Danfeng Yao, and Gang Wang, Virginia Tech
Abstract: Mobile deep links are URIs that point to specific locations within apps, which are instrumental to web-to-app communications. Existing “scheme URLs” are known to have hijacking vulnerabilities where one app can freely register another app’s schemes to hijack the communication. Recently, Android introduced two new methods “App links” and “Intent URLs” which were designed with security features, to replace scheme URLs. While the new mechanisms are secure in theory, little is known about how effective they are in practice. In this paper, we conduct the first empirical measurement on various mobile deep links across apps and websites.

----

Fang Liu, Chun Wang, Andres Pico, Danfeng Yao, and Gang Wang. 2017. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 953–969.

Location: 
Sala Circolo