The Transitivity of Trust Problem in the Interaction of Android Applications
Source: Cornell University
Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for the end users while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. In this paper, the authors propose to employ static analysis based on the software architecture and focused data flow analyses to scalable detect information flows between components. Specifically, they aim to reveal transitivity of trust problems in multi-component mobile platforms.