Back to Search Start Over

Android Inter-App Communication Threats and Detection Techniques

Authors :
Bhandari, Shweta
Jaballah, Wafa Ben
Jain, Vineeta
Laxmi, Vijay
Zemmari, Akka
Gaur, Manoj Singh
Mosbah, Mohamed
Conti, Mauro
Source :
computers & security 70 (2017) 392-421
Publication Year :
2016

Abstract

With the digital breakthrough, smart phones have become very essential component. Mobile devices are very attractive attack surface for cyber thieves as they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (with cameras/microphone, wireless connections). Android, being the most popular, is the target of malicious hackers who are trying to use Android app as a tool to break into and control device. Android malware authors use many anti-analysis techniques to hide from analysis tools. Academic researchers and commercial anti-malware companies are putting great effort to detect such malicious apps. They are making use of the combinations of static, dynamic and behavior based analysis techniques. Despite of all the security mechanisms provided by Android, apps can carry out malicious actions through collusion. In collusion malicious functionality is divided across multiple apps. Each participating app accomplish its part and communicate information to another app through Inter Component Communication (ICC). ICC do not require any special permissions. Also, there is no compulsion to inform user about the communication. Each participating app needs to request a minimal set of privileges, which may make it appear benign to current state-of-the-art techniques that analyze one app at a time. There are many surveys on app analysis techniques in Android; however they focus on single-app analysis. This survey augments this through focusing only on collusion among multiple-apps. In this paper, we present Android vulnerabilities that may be exploited for a possible collusion attack. We cover the existing threat analysis, scenarios, and a detailed comparison of tools for intra and inter-app analysis. To the best of our knowledge this is the first survey on app collusion and state-of-the-art detection tools in Android.<br />Comment: 83 pages, 4 figures, This is a survey paper

Details

Database :
arXiv
Journal :
computers & security 70 (2017) 392-421
Publication Type :
Report
Accession number :
edsarx.1611.10076
Document Type :
Working Paper
Full Text :
https://doi.org/10.1016/j.cose.2017.07.002