Posted by Martijn Grooten on Mar 27, 2018
Yesterday, we published a paper (that was presented at VB2016) on Android app collusions: the situation in which two or more apps work together to exfiltrate data from a device using the combined permissions of each app.
Today, we publish a follow-up paper by the same (in fact, slightly larger) group of researchers, affiliated with various UK universities and companies. In it, they describe their method of using machine learning techniques to make the tricky distinction between malicious app collusion and benign app collaboration.
Collusions tend to be difficult to detect, as each app individually will appear benign to most analysis tools; careful study is therefore required of a collection of apps as a whole, something which scales very poorly for human analysts. As collusion may have (malicious) applications beyond Android apps, the approach may have more general applications too.