Exploiting PendingIntent Provenance Confusion to Spoof Android SDK Authentication
- URL: http://arxiv.org/abs/2603.02539v1
- Date: Tue, 03 Mar 2026 02:53:17 GMT
- Title: Exploiting PendingIntent Provenance Confusion to Spoof Android SDK Authentication
- Authors: Ramanpreet Singh Khinda
- Abstract summary: A single authentication bypass in a partner SDK grants attackers the identity of every partner in the ecosystem. Cross-app mobile SDKs mediate sensitive operations such as content publishing, payment initiation, and identity federation. We present a defense architecture combining Bound Service IPC with kernel-level caller verification via Binder.getCallingUid.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: A single authentication bypass in a partner SDK grants attackers the identity of every partner in the ecosystem -- and millions of apps use SDKs with exactly this vulnerability. OWASP's 2024 Mobile Top 10 ranks Inadequate Supply Chain Security as the second most critical mobile risk, explicitly identifying third-party SDKs as a primary attack vector. Cross-app mobile SDKs -- where a partner application communicates with a platform provider's application via inter-process communication (IPC) -- mediate sensitive operations such as content publishing, payment initiation, and identity federation. Unlike embedded libraries that execute within a single app's process, cross-app SDKs require the provider's service to authenticate the calling application at runtime. A pattern sometimes used for this authentication relies on PendingIntent.getCreatorPackage() to verify sender identity. We demonstrate that this mechanism exhibits a fundamental provenance confusion vulnerability: a PendingIntent reliably identifies who created it but cannot attest who presents it -- and this distinction is fatal for authentication. An attacker app with notification access can steal a legitimate partner's PendingIntent via NotificationListenerService and replay it to impersonate that partner, bypassing authentication entirely. The attack succeeds against both mutable and immutable PendingIntents because immutability protects the token's contents, not its provenance. We systematically evaluate eight Android IPC authentication mechanisms against an SDK-specific threat model and present a defense architecture combining Bound Service IPC with kernel-level caller verification via Binder.getCallingUid(), supplemented by server-side certificate-hash validation. This provides authentication guarantees while remaining scalable across partner ecosystems.
Related papers
- QES-Backed Virtual FIDO2 Authenticators: Architectural Options for Secure, Synchronizable WebAuthn Credentials [0.0]
FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication. Recent passkey deployments address this limitation by enabling multi-device credentials synchronized via platform-specific cloud ecosystems. This paper explores architectural options for bridging these technologies by securing a virtual FIDO2 authenticator with a QES-grade PKCS key.
arXiv Detail & Related papers (2026-01-10T12:47:44Z)
- Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility [46.323590135279126]
BAID (Binding Agent ID) is a comprehensive identity infrastructure establishing verifiable user-code binding. We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.
arXiv Detail & Related papers (2025-12-19T13:01:54Z)
- A Multi-Cloud Framework for Zero-Trust Workload Authentication [0.0]
This paper presents a multi-cloud framework using Workload Identity Federation (WIF) and OpenID Connect (OIDC) for secretless authentication. We validate this framework in an enterprise-scale environment, which significantly reduces the attack surface.
arXiv Detail & Related papers (2025-10-17T04:11:31Z)
- CTRAPS: CTAP Client Impersonation and API Confusion on FIDO2 [2.949446809950691]
We focus on CTAP, which allows FIDO2 clients and hardware authenticators to communicate. We uncover two classes of protocol-level attacks on CTAP that we call CTRAPS. We detail the eight vulnerabilities in the CTAP specification, enabling the CTRAPS attacks. We release CTRAPS, an original toolkit, to analyze CTAP and conduct the CTRAPS attacks.
arXiv Detail & Related papers (2024-12-03T10:11:41Z)
- Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain.
We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z)
- DiVerify: Hardening Identity-Based Software Signing with Programmable Diverse-Context Scopes [11.521573335215239]
State-of-the-art identity-based code signing schemes have a major shortcoming. They fail to provide verifiable information about the context in which a signature is generated. We propose a diverse identity verification approach that reduces reliance on a single source of verification.
arXiv Detail & Related papers (2024-06-21T18:53:52Z)
- A Novel Protocol Using Captive Portals for FIDO2 Network Authentication [45.84205238554709]
We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol.
We develop a prototype of FIDO2CAP authentication in a mock scenario.
This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
arXiv Detail & Related papers (2024-02-20T09:55:20Z)
- SOAP: A Social Authentication Protocol [0.0]
We formally define social authentication, present a protocol called SOAP that largely automates social authentication, formally prove SOAP's security, and demonstrate SOAP's practicality.
One prototype is web-based, and the other is implemented in the open-source Signal messaging application.
arXiv Detail & Related papers (2024-02-05T17:03:10Z)
- On Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials [39.4080639822574]
Verifiable credentials are a digital analogue of physical credentials.
They can be presented to verifiers to reveal attributes or even predicates about the attributes included in the credential.
One way to preserve privacy during presentation consists in selectively disclosing the attributes in a credential.
arXiv Detail & Related papers (2024-01-16T08:22:28Z)
- Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain.
The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z)
- Open-set Adversarial Defense [93.25058425356694]
We show that open-set recognition systems are vulnerable to adversarial attacks.
Motivated by this observation, we emphasize the need for an Open-Set Adversarial Defense (OSAD) mechanism.
This paper proposes an Open-Set Defense Network (OSDN) as a solution to the OSAD problem.
arXiv Detail & Related papers (2020-09-02T04:35:33Z)
- Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
- Breaking certified defenses: Semantic adversarial examples with spoofed robustness certificates [57.52763961195292]
We present a new attack that exploits not only the labelling function of a classifier, but also the certificate generator.
The proposed method applies large perturbations that place images far from a class boundary while maintaining the imperceptibility property of adversarial examples.
arXiv Detail & Related papers (2020-03-19T17:59:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.