Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences

Rosangela Casolare,Francesco Mercaldo,Antonella Santone,Fabio Martinelli

doi:10.3390/info11060304

Rosangela Casolare, Francesco Mercaldo + Show 2 more

Open Access

https://doi.org/10.3390/info11060304

Copy DOI

Abstract

The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a nutshell this attack requires that two or more applications are installed to perpetrate the malicious behaviour that is split in more than one single application: for this reason anti-malware are not able to detect this attack, considering that they analyze just one application at a time and that the single colluding application does not exhibit any malicious action. In this paper an approach exploiting model checking is proposed to automatically detect whether two applications exhibit the ability to perform a collusion through the SharedPreferences communication mechanism. We formulate a series of temporal logic formulae to detect the collusion attack from a model obtained by automatically selecting the classes candidate for the collusion, obtained by two heuristics we propose. Experimental results demonstrate that the proposed approach is promising in collusion application detection: as a matter of fact an accuracy equal to 0.99 is obtained by evaluating 993 Android applications.

Highlights

Malware is currently afflicting each kind of device equipped with an operating system, from workstations to our mobile devices
Our research work starts from just described considerations and in this paper we present a tool developed starting from an approach based on model checking, able to detect the collusion between Android applications [12]
Mobile malware writers are continuously increasing the techniques to develop more complex and undetectable malicious payloads, with the aim to elude the current detection mechanism provided by signature-based anti-malware

Summary

Introduction

Malware (contraction word for malicious software) is currently afflicting each kind of device equipped with an operating system, from workstations to our mobile devices (for instance, smartphone and tables). Cyber crime is the main cause of attack, among the means the most used is malware https://clusit.it/rapporto-clusit/. In this scenario, our mobile devices have become in few years a really appealing surface attack for malware writers, considering the plethora of private and sensitive information that they keep. In modern mobile devices the users can download applications from the official market and from non official ones These last can be untrustworthy and represent a serious threat for the users’ data, users usually consider third-party markets to find free versions of applications that are usually paid ones on the official market [1]

Methods

Results

Conclusion