Assessing the Security of Inter-App Communications in Android through Reinforcement Learning

A central aspect of the Android platform is Inter-Component Communication (ICC), which enables the reuse of functionality across apps and components via message passing. While a powerful feature, ICC still constitutes a serious attack surface. This paper addresses the issue of generating exploits for a subset of Android ICC vulnerabilities (i.e., IDOS, XAS, and FI) through static analysis, Deep Reinforcement Learning-based dynamic analysis and software instrumentation. Our approach, called RONIN, achieves better results than state-of-the-art and baseline tools, in the number of exploited vulnerabilities.