Secure and flexible message-based communication for mobile apps within and across devices
Abstract
In modern mobile platforms, message-based communication is afflicted by data leakage attacks, through which untrustworthy apps access the transferred message data. Existing defenses are overly restrictive, as they block all suspicious message exchanges, thus preventing any app from receiving messages. To better secure message-based communication, we present a model that strengthens security, while also allowing untrusted-but-not-malicious apps to execute their business logic. Our model, HTPD, introduces two novel mechanisms: hidden transmission and polymorphic delivery. Sensitive messages are transmitted hidden in an encrypted envelope. Their delivery is polymorphic: as determined by the destination's trustworthiness, the destination can be delivered no data, raw data, or encrypted data. To allow an untrusted destination to operate on encrypted data deliveries, HTPD integrates homomorphic and convergent encryption. We concretely realize HTPD as POLICC, a plug-in replacement of Android Inter-Component Communication (ICC) middleware. POLICC mitigates three classic Android data leakage attacks, while allowing untrusted apps to perform useful operations on delivered messages. Our evaluation shows that POLICC supports secure message-based communication within and across devices by trading off performance costs, programming effort overheads, and security.
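The sketch below illustrates polymorphic delivery combined with convergent encryption as the abstract describes them. It is an added example, not POLICC code or its API. The names Trust, deliver and untrusted_same_message, the mapping of trust levels to delivery forms, and the HMAC-based keystream standing in for a real cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
from enum import Enum

class Trust(Enum):           # hypothetical trust levels, assumed for this sketch
    MALICIOUS = 0            # assumed mapping: receives no data
    UNTRUSTED = 1            # assumed mapping: receives encrypted data
    TRUSTED = 2              # assumed mapping: receives raw data

def _keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher stand-in: HMAC-SHA256 in counter mode (not AES)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def convergent_encrypt(plaintext: bytes):
    """Key is derived from the plaintext, so equal messages give equal ciphertexts."""
    key = hashlib.sha256(plaintext).digest()
    stream = _keystream(key, len(plaintext))
    return key, bytes(p ^ s for p, s in zip(plaintext, stream))

def convergent_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    stream = _keystream(key, len(ciphertext))
    plaintext = bytes(c ^ s for c, s in zip(ciphertext, stream))
    # The key doubles as an integrity check: it must equal SHA-256(plaintext).
    if not hmac.compare_digest(hashlib.sha256(plaintext).digest(), key):
        raise ValueError("key does not match ciphertext")
    return plaintext

def deliver(message: bytes, trust: Trust):
    """Polymorphic delivery: the payload's form depends on the destination's trust."""
    if trust is Trust.TRUSTED:
        return message
    if trust is Trust.UNTRUSTED:
        return convergent_encrypt(message)[1]   # ciphertext only, key withheld
    return None

def untrusted_same_message(delivery_a: bytes, delivery_b: bytes) -> bool:
    """What an untrusted receiver can still compute: equality, without plaintext."""
    return hmac.compare_digest(delivery_a, delivery_b)
```

Because equal plaintexts produce equal ciphertexts by design, this construction suits high-entropy payloads; short or predictable messages remain confirmable by anyone who can encrypt a guess.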