Detecting (absent) app-to-app authentication on cross-device short-distance channels

Short-distance or near-field communication is increasingly used by mobile apps for interacting or exchanging data in a cross-device fashion. In this paper, we identify a security issue, namely cross-device app-to-app communication hijacking (or CATCH), that affect Android apps using short-distance channels (e.g., Bluetooth and Wi-Fi-Direct). This issue causes unauthenticated or malicious app-to-app interactions even when the underlying communication channels are authenticated and secured. In addition to discovering the security issue, we design an algorithm based on data-flow analysis for detecting the presence of CATCH in Android apps. Our algorithm checks if a given app contains an app-to-app authentication scheme, necessary for preventing CATCH. We perform experiments on a set of Android apps and show the CATCH problem is always present on the whole analyzed applications set. We also discuss the impact of the problem in real scenarios by presenting two real case studies. At the end of the paper we reported limitations of our model along with future improvements.