The first documented example of app collusion is Soundcomber. This proof of concept malware is composed by two apps. The first app, which requires only access to the device microphone (RECORD_AUDIO permission), listens for calls to telephone banking services and extracts the digits pressed by the user. The second app, which requires only internet access (INTERNET permission), transmits the stolen information to a remote server. Extracted sensitive information is transmitted to the second app using Android covert channels (file locks, settings modifications, etc.).
Similar projects and research work have addressed the problem of collusion. Here you can find links to some of them:
- FUSE from Galois
- A key member of the FUSE team (Rogan Creswick) participated in ACiD project meeting held from 2nd – 3rd July 2015 at City University, London.
- Didfail from CERT
- ComDroid from University of California
- FlowDroid from University of Darmstadt