Posted by Martijn Grooten on Mar 26, 2018
Playing out in the sidelines of the Cambridge Analytica scandal was the discovery that Facebook had been collecting metadata on the calls and SMS conversations of many of the users of its Android app. Whatever your view on this practice, the fact that it is carried out by a single app does at least make it somewhat transparent to anyone analysing the app.
It is more complicated when apps use a concept called 'app collusion', where two (or more) apps installed on the same device work together to collect and extract data from the device. Using the combined efforts and permissions of multiple apps makes the exfiltration of data less easy to detect, either by privacy-conscious users or by reverse engineering, which often looks at apps individually.
App collusion isn't merely a theoretical concept though. At VB2016 in Denver, Jorge Blasco (then from City University London) presented a paper he had co-written with Thomas M. Chen, Igor Muttik and Markus Roggenbach, in which they discussed the concept of app collusion and presented their discoveries of colluding code in many in-the-wild apps.
Tomorrow, we will publish a follow-up paper in which the researchers detail their method of using machine-learning to detect app collusions.