Direct Resource Hijacking in Android

In this article, the authors discuss a new attack called a direct resource hijacking attack (or resource hijacking attack), which directly hijacks exported components or permissions on components owned by benign applications. To tackle this vulnerability, they propose a fine-grained resource access control framework in Android and introduce a certificate-augmented resource naming mechanism. With this method, malicious apps can't hijack a victim app's permissions to steal its private data in the victim app, or hijack a victim app's components to retrieve data that's delivered to the victim app.In this article, the authors discuss a new attack called a direct resource hijacking attack (or resource hijacking attack), which directly hijacks exported components or permissions on components owned by benign applications. To tackle this vulnerability, they propose a fine-grained resource access control framework in Android and introduce a certificate-augmented resource naming mechanism. With this method, malicious apps can't hijack a victim app's permissions to steal its private data in the victim app, or hijack a victim app's components to retrieve data that's delivered to the victim app