EPSRC logo

Details of Grant 

EPSRC Reference: EP/L022699/1
Title: App Collusion Detection (ACID)
Principal Investigator: Chen, Professor T
Other Investigators:
Researcher Co-Investigators:
Project Partners:
McAfee Labs
Department: Sch of Engineering and Mathematical Sci
Organisation: City, University of London
Scheme: Standard Research
Starts: 21 July 2014 Ends: 20 July 2017 Value (£): 174,970
EPSRC Research Topic Classifications:
Fundamentals of Computing Mobile Computing
Networks & Distributed Systems
EPSRC Industrial Sector Classifications:
Creative Industries Information Technologies
Related Grants:
EP/L022656/1 EP/L022737/1
Panel History:
Panel DatePanel NameOutcome
22 Jan 2014 BACCHUS Full Proposals Announced
Summary on Grant Application Form
Malware has been a major problem in desktop computing for decades. With the recent trend towards mobile computing, malware is moving rapidly to smartphone apps. Our business partner McAfee alone collected 17,000 Android malware samples in the most recent quarter, double the rate of the previous year. Criminals are clearly motivated by the opportunity - about one billion smartphones will be sold in 2013, predominantly Android, with more than 10 billion apps downloaded to date.

Smartphones pose a particular security risk because they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (with cameras/microphone, wireless connections). By design, Android is "open" in its flexibility to download apps from different sources. Its security depends on restricting apps by combining digital signatures, sandboxing, and permissions.

Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps whose combined permissions allow them to carry out attacks that neither app can accomplish by itself. A basic example of collusion consists of one app permitted to access personal data, which passes the data to a second app allowed to transmit data over the network. While collusion is not a widespread threat today, it opens an avenue to circumvent Android permission restrictions that could be easily exploited by criminals to become a serious threat in the near future.

The UK Cyber Security Strategy notes that UK industry, as well as the public, needs to have confidence in a safe cyber space. Emerging privacy threats to smartphones are particularly timely to address considering the current controversies about US government data collection and monitoring of private communications. Sensitive data leakage is the main security risk posed by colluding apps, and the proposed project will help maintain users' confidence in smartphone privacy.

Currently almost all academic and industry efforts are focusing on detection of single malicious apps. Almost no attention has been given to colluding apps. The threat has been demonstrated only recently. The threat of colluding apps is challenging to detect because of the myriad and possibly stealthy ways in which apps might communicate and collude. Existing antivirus products are not designed to detect collusion. Preliminary research in the literature has not found any reliable means to detect collusion.

This project directly addresses the aims of the BACCHUS call by building an important collaboration between McAfee and academic experts in network security, intrusion detection, and formal methods to develop innovative methods for collusion detection. Our industry partner McAfee is a global leading security company with extensive facilities for monitoring, collecting, and analyzing smartphone threats.

This project aims to develop novel theoretical and practical methods to detect apps suspected of collusion and perform formal safety checking. The resulting methods will be deployed and tested by the industry partner, McAfee Labs, in their global Threat Intelligence System. If successful, the research project will help to proactively defend smart phones against the emerging threat of colluding apps. McAfee products are some of the most popular with the consumers in the UK, providing day-to-day guarding against PC and mobile threats.

Success in this project would mean a rare opportunity for the cyber security community to stay ahead of an emerging threat instead of reacting to a threat already prevalent.
Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.city.ac.uk