Analysis of the communication between colluding applications on modern smartphones

Modern smartphones that implement permission-based security mechanisms su er from attacks by colluding applications. Users are not made aware of possible implications
 

of application collusion attacks|quite the contrary|on existing platforms, users are implicitly led to believe that by approving the installation of each application independently, they can limit the damage that an application can cause. We implement and analyze a number of covert and overt communication channels that enable applications to collude and therefore indirectly escalate their permissions. Furthermore, we present and implement a covert channel between
 

an installed application and a web page loaded in the system browser. We measure the throughput of all these channels as well as their bit-error rate and required synchronization for
 

successful data transmission. The measured throughput of covert channels ranges from 3.7 bps to 3.27 kbps on a Nexus One phone and from 0.47 bps to 4.22 kbps on a Samsung
 

Galaxy S phone; such throughputs are sucient to eciently exchange users' sensitive information (e.g., GPS coordinates or contacts). We test two popular research tools that track information  ow or detect communication channels on mobile platforms, and con rm that even if they detect some channels, they still do not detect all the channels and therefore fail to fully prevent application collusion. Attacks using covert communication channels remain, therefore, a real threat to smartphone security and an open problem for the research community.