Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences

The Android platform is currently targeted by malware writers, who continuously develop new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is the collusion attack. In a nutshell, this attack requires two or more installed applications, with the malicious behaviour split across them. For this reason, anti-malware tools are not able to detect the attack: they analyze just one application at a time, and a single colluding application does not exhibit any malicious action. In this paper, an approach exploiting model checking is proposed to automatically detect whether two applications exhibit the ability to perform a collusion through the SharedPreferences communication mechanism. We formulate a series of temporal logic formulae to detect the collusion attack from a model obtained by automatically selecting the classes that are candidates for the collusion, which are identified by two heuristics we propose. Experimental results demonstrate that the proposed approach is promising in detecting colluding applications: an accuracy equal to 0.99 is obtained by evaluating 993 Android applications.
