Technische Universitat Clausthal
Android's security framework has been an appealing subject of research in the last few years. Android has been shown to be vulnerable to application-level privilege escalation attacks, such as confused deputy attacks, and more recently, attacks by colluding applications. While most of the proposed approaches aim at solving confused deputy attacks, there is still no solution that simultaneously addresses collusion attacks. In this paper, the authors investigate the problem of designing and implementing a practical security framework for android to protect against confused deputy and collusion attacks.