{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T09:59:55Z","timestamp":1771667995828,"version":"3.50.1"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2022,4,22]],"date-time":"2022-04-22T00:00:00Z","timestamp":1650585600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,4,22]],"date-time":"2022-04-22T00:00:00Z","timestamp":1650585600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,10]]},"DOI":"10.1007\/s10207-022-00592-9","type":"journal-article","created":{"date-parts":[[2022,4,22]],"date-time":"2022-04-22T10:08:53Z","timestamp":1650622133000},"page":"973-982","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["IntentAuth: Securing Android\u2019s Intent-based inter-process communication"],"prefix":"10.1007","volume":"21","author":[{"given":"Christos","family":"Lyvas","sequence":"first","affiliation":[]},{"given":"Costas","family":"Lambrinoudakis","sequence":"additional","affiliation":[]},{"given":"Dimitris","family":"Geneiatakis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,4,22]]},"reference":[{"key":"592_CR1","unstructured":"Statista, Mobile operating systems\u2019 market share worldwide from January 2012 to October 2020, cited December 23rd 2020. https:\/\/www.statista.com\/statistics\/272698\/global-market-share-held-by-mobile-operating-systems-since-2009\/ (2020)"},{"key":"592_CR2","doi-asserted-by":"crossref","unstructured":"Tang, J., Cui, X., Zhao, Z., Guo, S., Xu, X., Hu, C., Ban, T., Mao, B.: Nivanalyzer: a tool for automatically detecting and verifying next-intent vulnerabilities in android apps. In: 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST). IEEE, pp. 492\u2013499 (2017)","DOI":"10.1109\/ICST.2017.56"},{"key":"592_CR3","doi-asserted-by":"crossref","unstructured":"El-Zawawy, M.A., Losiouk, E., Conti, M.: Do not let next-intent vulnerability be your next nightmare: type system-based approach to detect it in android apps. Int. J. Inf. Secur. 1\u201320 (2020)","DOI":"10.1007\/s10207-020-00491-x"},{"key":"592_CR4","doi-asserted-by":"crossref","unstructured":"Wang, R., Xing, L., Wang, X., Chen, S.: Unauthorized origin crossing on mobile platforms: threats and mitigation. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 635\u2013646 (2013)","DOI":"10.1145\/2508859.2516727"},{"key":"592_CR5","doi-asserted-by":"crossref","unstructured":"Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239\u2013252 (2011)","DOI":"10.1145\/1999995.2000018"},{"key":"592_CR6","doi-asserted-by":"crossref","unstructured":"Yagemann, C., Du, W.: Intentio ex machina: Android intent access control via an extensible application hook. In: European Symposium on Research in Computer Security. Springer, pp. 383\u2013400 (2016)","DOI":"10.1007\/978-3-319-45744-4_19"},{"key":"592_CR7","unstructured":"Android Open Source Project, Application Fundamentals. Technical report, cited March 22nd 2020. https:\/\/developer.android.com\/guide\/components\/fundamentals (2019)"},{"key":"592_CR8","first-page":"519","volume":"4","author":"R Singh","year":"2014","unstructured":"Singh, R.: An overview of android operating system and its security. J. Eng. Res. Appl. 4, 519\u2013521 (2014)","journal-title":"J. Eng. Res. Appl."},{"key":"592_CR9","unstructured":"Android Open Source Project, Security-Enhanced Linux in Android. Technical report, cited October 30 2020. https:\/\/source.android.com\/security\/selinux (2020)"},{"key":"592_CR10","doi-asserted-by":"crossref","unstructured":"Kalysch, A., Deutel, M., M\u00fcller, T.: Template-based android inter process communication fuzzing. In: Proceedings of the 15th International Conference on Availability, Reliability and Security, pp. 1\u20136 (2020)","DOI":"10.1145\/3407023.3407052"},{"key":"592_CR11","unstructured":"Soares, P.G.: On remote procedure call. In: Proceedings of the 1992 Conference of the Centre for Advanced Studies on Collaborative Research\u2014Volume 2, CASCON\u201992. IBM Press, pp. 215\u2013267 (1992)"},{"issue":"1","key":"592_CR12","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/2080.357392","volume":"2","author":"AD Birrell","year":"1984","unstructured":"Birrell, A.D., Nelson, B.J.: Implementing remote procedure calls. ACM Trans. Comput. Syst. 2(1), 39\u201359 (1984). https:\/\/doi.org\/10.1145\/2080.357392","journal-title":"ACM Trans. Comput. Syst."},{"key":"592_CR13","unstructured":"Android Open Source Project, Android Architecture. Technical report, cited March 24nd 2020. https:\/\/source.android.com\/devices\/architecture (2020)"},{"key":"592_CR14","doi-asserted-by":"crossref","unstructured":"Tang, X., Song, T., Wang, K., Liang, A.: Fine-grained access control on android through behavior monitoring. In: Advances in Computer Communication and Computational Sciences. Springer, pp. 525\u2013532 (2019)","DOI":"10.1007\/978-981-13-0344-9_45"},{"key":"592_CR15","unstructured":"Android Open Source Project, Intents and Intent Filters. Technical report, cited March 22nd 2020. https:\/\/developer.android.com\/guide\/components\/intents-filters (2019)"},{"key":"592_CR16","unstructured":"Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Le Traon, Y.: Effective inter-component communication mapping in android: an essential step towards holistic security analysis. In: Presented as Part of the 22nd USENIX Security Symposium (USENIX Security 13), pp. 543\u2013558 (2013)"},{"key":"592_CR17","unstructured":"Android Open Source Project, Android Keystore System. Technical report, cited October 30 2020. https:\/\/developer.android.com\/training\/articles\/keystore (2020)"},{"key":"592_CR18","unstructured":"Android Open Source Project, Trusty TEE. Technical report, cited September 23rd 2020. https:\/\/source.android.com\/security\/trusty (2020)"},{"key":"592_CR19","doi-asserted-by":"publisher","unstructured":"Jha, A.K., Lee, S., Lee, W.J.: Developer mistakes in writing android manifests: an empirical study of configuration errors. In: 2017 IEEE\/ACM 14th International Conference on Mining Software Repositories (MSR), pp. 25\u201336 (2017). https:\/\/doi.org\/10.1109\/MSR.2017.41","DOI":"10.1109\/MSR.2017.41"},{"issue":"13","key":"592_CR20","doi-asserted-by":"publisher","first-page":"2338","DOI":"10.1002\/sec.1179","volume":"8","author":"J Wu","year":"2015","unstructured":"Wu, J., Cui, T., Ban, T., Guo, S., Cui, L.: Paddyfrog: systematically detecting confused deputy vulnerability in android applications. Secur. Commun. Netw. 8(13), 2338\u20132349 (2015)","journal-title":"Secur. Commun. Netw."},{"key":"592_CR21","doi-asserted-by":"crossref","unstructured":"Lu, L., Li, Z., Wu, Z., Lee, W., Jiang, G.: Chex: statically vetting android apps for component hijacking vulnerabilities. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 229\u2013240 (2012)","DOI":"10.1145\/2382196.2382223"},{"key":"592_CR22","doi-asserted-by":"crossref","unstructured":"Chan, P.P., Hui, L.C., Yiu, S.-M.: Droidchecker: analyzing android applications for capability leak. In: Proceedings of the fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 125\u2013136 (2012)","DOI":"10.1145\/2185448.2185466"},{"key":"592_CR23","doi-asserted-by":"crossref","unstructured":"Maqsood, H.M.A., Qureshi, K.N., Bashir, F., Islam, N.U.: Privacy leakage through exploitation of vulnerable inter-app communication on android. In: 2019 13th International Conference on Open Source Systems and Technologies (ICOSST). IEEE, pp. 1\u20136 (2019)","DOI":"10.1109\/ICOSST48232.2019.9043935"},{"key":"592_CR24","doi-asserted-by":"crossref","unstructured":"Yang, K., Zhuge, J., Wang, Y., Zhou, L., Duan, H.: Intentfuzzer: detecting capability leaks of android applications. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 531\u2013536 (2014)","DOI":"10.1145\/2590296.2590316"},{"key":"592_CR25","doi-asserted-by":"crossref","unstructured":"Garcia, J., Hammad, M., Ghorbani, N., Malek, S.: Automatic generation of inter-component communication exploits for android applications. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, pp. 661\u2013671 (2017)","DOI":"10.1145\/3106237.3106286"},{"key":"592_CR26","unstructured":"Felt, A.P., Wang, H.J., Moshchuk, A., Hanna, S., Chin, E.: Permission re-delegation: attacks and defenses. In: USENIX Security Symposium, vol.\u00a030, 2011, p.\u00a088"},{"key":"592_CR27","doi-asserted-by":"crossref","unstructured":"Kaladharan, Y., Mateti, P., Jevitha, K.: An encryption technique to thwart android binder exploits. In: Intelligent Systems Technologies and Applications. Springer, pp. 13\u201321 (2016)","DOI":"10.1007\/978-3-319-23258-4_2"},{"key":"592_CR28","doi-asserted-by":"crossref","unstructured":"Ren, X., Sun, J., Xing, Z., Xia, X., Sun, J.: Demystify official api usage directives with crowdsourced api misuse scenarios, erroneous code examples and patches. In: Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering, pp. 925\u2013936 (2020)","DOI":"10.1145\/3377811.3380430"},{"key":"592_CR29","doi-asserted-by":"crossref","unstructured":"Egele, M., Brumley, D., Fratantonio, Y., Kruegel, C.: An empirical study of cryptographic misuse in android applications. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 73\u201384 (2013)","DOI":"10.1145\/2508859.2516693"},{"key":"592_CR30","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1016\/j.cose.2014.10.005","volume":"49","author":"D Geneiatakis","year":"2015","unstructured":"Geneiatakis, D., Fovino, I.N., Kounelis, I., Stirparo, P.: A permission verification approach for android mobile applications. Comput. Secur. 49, 192\u2013205 (2015)","journal-title":"Comput. Secur."},{"key":"592_CR31","unstructured":"Google Help, Remediation for Intent Redirection Vulnerability. Technical report, cited September 15nd 2020. https:\/\/support.google.com\/faqs\/answer\/9267555?hl=en (2020)"},{"key":"592_CR32","doi-asserted-by":"publisher","unstructured":"Nauman, M., Khan, S., Zhang, X.: Apex: extending android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS\u201910, Association for Computing Machinery, New York, NY, USA, pp. 328\u2013332 (2010). https:\/\/doi.org\/10.1145\/1755688.1755732. https:\/\/doi.org\/10.1145\/1755688.1755732","DOI":"10.1145\/1755688.1755732"},{"key":"592_CR33","unstructured":"Xu, R., Sa\u00efdi, H., Anderson, R.: Aurasium: practical policy enforcement for android applications. In: 21st USENIX Security Symposium (USENIX Security 12), USENIX Association, Bellevue, WA, pp. 539\u2013552 (2012). https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/xu_rubin"},{"issue":"3","key":"592_CR34","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1016\/j.istr.2012.10.006","volume":"17","author":"D Schreckling","year":"2013","unstructured":"Schreckling, D., K\u00f6stler, J., Schaff, M.: Kynoid: real-time enforcement of fine-grained, user-defined, and data-centric security policies for android. Inf. Secur. Tech. Rep. 17(3), 71\u201380 (2013). https:\/\/doi.org\/10.1016\/j.istr.2012.10.006","journal-title":"Inf. Secur. Tech. Rep."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00592-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-022-00592-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00592-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,23]],"date-time":"2022-09-23T15:50:54Z","timestamp":1663948254000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-022-00592-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,22]]},"references-count":34,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2022,10]]}},"alternative-id":["592"],"URL":"https:\/\/doi.org\/10.1007\/s10207-022-00592-9","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,22]]},"assertion":[{"value":"22 April 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}