Android Inter-App Communication Threats and Detection Techniques

TL;DR

This paper surveys Android app collusion threats, analyzing vulnerabilities, attack scenarios, and detection tools, highlighting the challenges in identifying malicious multi-app behaviors that evade traditional security measures.

Contribution

It provides the first comprehensive survey on Android app collusion, detailing vulnerabilities, threat scenarios, and comparing existing detection techniques for multi-app analysis.

Findings

Android apps can maliciously collude to bypass security.

Existing detection tools focus mainly on single-app analysis.

Collusion exploits inter-component communication without user awareness.

Abstract

With the digital breakthrough, smart phones have become very essential component. Mobile devices are very attractive attack surface for cyber thieves as they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (with cameras/microphone, wireless connections). Android, being the most popular, is the target of malicious hackers who are trying to use Android app as a tool to break into and control device. Android malware authors use many anti-analysis techniques to hide from analysis tools. Academic researchers and commercial anti-malware companies are putting great effort to detect such malicious apps. They are making use of the combinations of static, dynamic and behavior based analysis techniques. Despite of all the security mechanisms provided by Android, apps can carry out malicious actions through collusion. In collusion malicious functionality is divided across multiple apps. Each participating app accomplish its part and communicate information to another app through Inter Component Communication (ICC). ICC do not require any special permissions. Also, there is no compulsion to inform user about the communication. Each participating app needs to request a minimal set of privileges, which may make it appear benign to current state-of-the-art techniques that analyze one app at a time. There are many surveys on app analysis techniques in Android; however they focus on single-app analysis. This survey augments this through focusing only on collusion among multiple-apps. In this paper, we present Android vulnerabilities that may be exploited for a possible collusion attack. We cover the existing threat analysis, scenarios, and a detailed comparison of tools for intra and inter-app analysis. To the best of our knowledge this is the first survey on app collusion and state-of-the-art detection tools in Android.