ACiD is a collaborative project funded by the EPSRC between City University London, Swansea University, Coventry University and Intel Security (McAfee). ACiD started in July 2014 and is planned to be completed by July 2017.

Malware has been a major problem in desktop computing for decades. With the recent trend towards mobile computing, malware is moving rapidly to smartphone platforms. Smartphones pose a particular security risk because they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (with cameras, microphones and wireless connections).

By design, Android is “open”: apps can be downloaded from different sources. Its security depends on restricting apps through a combination of digital signatures, sandboxing, and permissions. Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps whose combined permissions allow them to carry out attacks. A basic example of collusion consists of one app permitted to access personal data, which passes the data to a second app allowed to transmit data over the network. While collusion is not a widespread threat today, it opens an avenue to circumvent Android permission restrictions that could be easily exploited by criminals to become a serious threat in the near future.
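The basic collusion pattern described above can be screened for from app manifests alone. The following is an added example, not the ACiD project's method or code: it flags app pairs where one app holds a personal-data permission but no network access, the other holds network access but not that permission, and an intent action links them. The package names, intent actions and the dictionary layout are constructed assumptions; the permission strings are standard Android ones.

```python
from itertools import permutations

INTERNET = "android.permission.INTERNET"
# Permissions guarding the kinds of personal data the page lists.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}

# Constructed sample data: hypothetical packages and intent actions.
APPS = [
    {"pkg": "com.example.contactsbackup",
     "perms": {"android.permission.READ_CONTACTS"},
     "sends": {"com.example.action.SYNC"}, "receives": set()},
    {"pkg": "com.example.weather",
     "perms": {INTERNET},
     "sends": set(), "receives": {"com.example.action.SYNC"}},
    {"pkg": "com.example.maps",
     "perms": {INTERNET, "android.permission.ACCESS_FINE_LOCATION"},
     "sends": {"com.example.action.SHARE"}, "receives": set()},
    {"pkg": "com.example.notes",
     "perms": set(),
     "sends": set(), "receives": {"com.example.action.SHARE"}},
]

def find_collusion_candidates(apps):
    """Return (source, sink, permissions, channels) tuples worth manual review."""
    findings = []
    for src, dst in permutations(apps, 2):
        # Source must lack network access and the sink must have it;
        # an app holding both needs no partner and is out of scope here.
        if INTERNET in src["perms"] or INTERNET not in dst["perms"]:
            continue
        # Only data the sink was never granted counts as a gain.
        leaked = (src["perms"] & SENSITIVE) - dst["perms"]
        # A channel exists when the source emits an action the sink accepts.
        channels = src["sends"] & dst["receives"]
        if leaked and channels:
            findings.append((src["pkg"], dst["pkg"], sorted(leaked), sorted(channels)))
    return findings

if __name__ == "__main__":
    for finding in find_collusion_candidates(APPS):
        print(finding)
```

A hit only means the pair could collude; whether personal data actually flows over the channel needs code-level analysis of both apps.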

The ACiD project aims to develop novel theoretical methods and tools to detect apps suspected of collusion and perform formal safety checking. The resulting methods will be deployed and tested by the industry partner. ACiD will help to proactively defend smartphones against the emerging threat of colluding apps. This would have broad benefits to researchers, the security and telecommunications industries, and society in general.