FUSE: Inter-Application Security for Android
Small Business Information
421 SW Sixth, Suite 300, Portland, OR, 97204
AbstractMobile applications are becoming ubiquitous, appearing in many new situations. Some of these areas have specific requirements pertaining to information flow and device functionality. However, software on these devices is currently unregulated, and there are mechanisms within the mobile operating systems that facilitate unintended and undesirable information sharing as well as granting excessive control to untrusted applications. To demonstrate this problem, we have created sample applications that exhibit unexpected capabilities in a manner that is (a) trivially implemented, (b) conforms to the advertised mechanisms for protecting such functionality, and (c) can easily go unnoticed by the user. Our proposed Field Unit Security Enforcer (FUSE) system will detect and alert the user to the presence of unintended capabilities, such as those demonstrated in the sample applications. FUSE will operate by performing a static analysis of each application's configuration and byte code before that application is installed on an Android platform.
* information listed above is at the time of submission.