The Transitivity Of Trust Problem In The Interaction Of Android Applications
Mobile phones have developed into complex platforms with large numbers of installed applications and awide
range of sensitive data. Application security policies limitthe permissions of each installed application. As applicationsmay
interact, restricting single applications may create a falsesense of security for the end users while data may still leavethe
mobile phone through other applications. Instead, theinformation flow needs to be policed for the composite system
ofapplications in a transparent and usable manner.
In this paper,we propose to employ static analysis based on the softwarearchitecture and focused data flow analysis to
scalable detectsinformation flows between components. Specifically, we aim toreveal transitivity of trust problems in multicomponent mobileplatforms. We demonstrate the feasibility of our approach with Android applications, although the
generalization of theanalysis to similar composition-based architectures, such as Service-oriented Architecture, can also be
explored in the future.