A Survey on Application Collusion Attacks on Android Permission-Mechanism

Considering the wide range of functionalities provided by smartphones, smartphone-users’ privacy and security of their personal information is of vital importance. Android has been the most targeted platform for malware attacks, due to being the most popular platform, open source system and its vulnerable architecture. In this paper, we have studied about android permission mechanism, collusion attack, and covert and overt communication channels. Collusion attacks allow apps to indirectly execute operations, which they should not be able to execute, based on their declared permissions. For instance, disclosure of users’ private data (e.g., contacts or GPS location) to a destined attacker, by apps that do not have direct access to such data or cannot directly establish remote connections. According to the survey[1], there’s significant potential of collusion attacks and these attacks are really hard to detect, therefore it is considered to be a real threat to smartphone security.