A Dynamic Approach to Defuse Logic Bombs in Android Applications
Fasano F.;Oliveto R.
2023-01-01
Abstract
Logic bombs are a critical security threat in Android applications that can be triggered by specific events or conditions, leading to serious consequences. In this work we focus on apps accessing mobile device resources for sensitive data leakage. Such malicious behaviour can exploit the Android permission model by gaining access to sensitive resources in a legitimate context and later using them in a dangerous one, once the logic bomb is triggered. We propose a dynamic approach by extending RPCDroid, a tool that monitors the behavior of an Android application whenever it accesses specific device resources. To defuse the logic bomb, we force an explicit prompt to authorize access requests based on the usage context, preventing accesses unbeknownst to the user. We assessed the effectiveness of our proposal using TriggerZoo, a publicly available dataset of apps injected with logic bombs. Our results show that a context-aware permission model can effectively prevent uncontrolled access to privacy-related data in case a logic bomb is triggered.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.