Android inter-app communication threats and detection techniques. Issue 70 (September 2017)
- Record Type:
- Journal Article
- Title:
- Android inter-app communication threats and detection techniques. Issue 70 (September 2017)
- Main Title:
- Android inter-app communication threats and detection techniques
- Authors:
- Bhandari, Shweta
Jaballah, Wafa Ben
Jain, Vineeta
Laxmi, Vijay
Zemmari, Akka
Gaur, Manoj Singh
Mosbah, Mohamed
Conti, Mauro - Abstract:
- Abstract: With the digital breakthrough, smart phones have become very essential component for many routine tasks like shopping, paying bills, transferring money, instant messaging, emails etc. Mobile devices are very attractive attack surface for cyber thieves as they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (with cameras/microphone, wireless connections). Android, being the most popular, is the target of malicious hackers who are trying to use Android app as a tool to break into and control device. Android malware authors use many anti-analysis techniques to hide from analysis tools. Academic researchers and commercial anti-malware companies are putting great effort to detect such malicious apps. They are making use of the combinations of static, dynamic and behavior-based analysis techniques. Despite of all the security mechanisms provided by Android, apps can carry out malicious actions through inter-app communication. One such inter-app communication threats is collusion. In collusion, malicious functionality is divided across multiple apps. Each participating app accomplishes its part and communicate information to another app through Inter Component Communication (ICC). ICC does not require any special permissions. Also there is no compulsion to inform user about the communication. Each participating app needs to request a minimal set of privileges, which may make it appear benign to currentAbstract: With the digital breakthrough, smart phones have become very essential component for many routine tasks like shopping, paying bills, transferring money, instant messaging, emails etc. Mobile devices are very attractive attack surface for cyber thieves as they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (with cameras/microphone, wireless connections). Android, being the most popular, is the target of malicious hackers who are trying to use Android app as a tool to break into and control device. Android malware authors use many anti-analysis techniques to hide from analysis tools. Academic researchers and commercial anti-malware companies are putting great effort to detect such malicious apps. They are making use of the combinations of static, dynamic and behavior-based analysis techniques. Despite of all the security mechanisms provided by Android, apps can carry out malicious actions through inter-app communication. One such inter-app communication threats is collusion. In collusion, malicious functionality is divided across multiple apps. Each participating app accomplishes its part and communicate information to another app through Inter Component Communication (ICC). ICC does not require any special permissions. Also there is no compulsion to inform user about the communication. Each participating app needs to request a minimal set of privileges, which may make it appear benign to current state-of-the-art techniques that analyze one app at a time. There are many surveys on app analysis techniques in Android; however they focus on single-app analysis. This survey highlights several inter-app communication threats, in particular collusion among multiple-apps. In this paper, we present Android vulnerabilities that may be exploited for carrying privilege escalation attacks, privacy leakage and collusion attacks. We cover the existing threat analysis, scenarios, and a detailed comparison of tools for intra- and inter-app analysis. To the best of our knowledge this is the first survey on inter-app communication threats, app collusion and state-of-the-art detection tools in Android. … (more)
- Is Part Of:
- Computers & security. Issue 70(2017)
- Journal:
- Computers & security
- Issue:
- Issue 70(2017)
- Issue Display:
- Volume 70, Issue 70 (2017)
- Year:
- 2017
- Volume:
- 70
- Issue:
- 70
- Issue Sort Value:
- 2017-0070-0070-0000
- Page Start:
- 392
- Page End:
- 421
- Publication Date:
- 2017-09
- Subjects:
- App collusion -- Privacy leakage -- Inter component communication -- Inter-app communication -- Multi-app analysis
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2017.07.002 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 6986.xml