Malware collusion is a technique utilized by attackers to evade standard detection. It is a new threat where two or more applications, appearing benign, communicate to perform a malicious task. Most proposed approaches aim at detecting stand-alone malicious applications. We point out the need for analyzing data flows across multiple Android apps, a problem referred to as end-to-end flow analysis. In this work, we present a flow analysis for app pairs that computes the risk level associated with their potential communications. Our approach statically analyzes the sensitivity and context of each inter-app flow based on inter-component communication (ICC) between communicating apps, and defines fine-grained security policies for inter-app ICC risk classification. We perform an empirical study on 7,251 apps from the Google Play store to identify the apps that communicate with each other via ICC channels. Our results report four times fewer warnings on our dataset of 197 real app pairs communicating via explicit external ICCs than the state-of-the-art permission-based collusion detection.

中文翻译：

---

识别移动应用间通信风险

恶意软件共谋是攻击者用来逃避标准检测的一种技术。这是一种新的威胁，其中两个或多个看似良性的应用程序进行通信以执行恶意任务。大多数提议的方法旨在检测独立的恶意应用程序。我们指出需要分析跨多个 Android 应用程序的数据流，这个问题称为端到端流分析。在这项工作中，我们对应用程序对进行了流程分析，计算与其潜在通信相关的风险级别。我们的方法基于通信应用程序之间的组件间通信 (ICC) 静态分析每个应用程序间流的敏感性和上下文，并为应用程序间 ICC 风险分类定义细粒度的安全策略。我们对 7 进行了实证研究，来自 Google Play 商店的 251 个应用程序，用于识别通过 ICC 通道相互通信的应用程序。我们的结果报告的 197 个真实应用程序对数据集上通过显式外部 ICC 进行通信的警告比最先进的基于许可的共谋检测少四倍。