The Parcel mechanism is a key component in inter-process communication in Android. However, due to the lack of security considerations, incorrect implementation of the Parcel mechanism can lead to security vulnerabilities. In the past decade, these security vulnerabilities have impacted numerous Android users. In this paper, we identify two major security issues of the Parcel mechanism. First, the reading and writing components are implemented inconsistently in some Parcelable classes, compromising data integrity. Second, malformed Parcels introduce the potential for Denial-of-Service (DoS) attacks on critical apps. We then describe two types of attacks to exploit these two issues: a privilege escalation attack and the Malformed Parcel DoS attack, the latter of which renders phones unusable and prevents users from accessing critical services. To understand the scope of our proposed attacks across the entire Android ecosystem, we perform the first large-scale analysis on 324 Android firmware samples and 10,161 Android apps. Among them, we identify 36 unique data mismatch vulnerabilities and 3,858 apps vulnerable to the DoS attack. We responsibly disclosed our findings to vendors, and 10 of them have been confirmed. Finally, we propose mitigations against the attacks.
Annual International Conference on Mobile Systems, Applications and Services(MobiSys)
2026-06-21
2026-06-29