Jul 8, 2016
New security tool addresses Android app collusion threat
Posted by Karen Hurst in category: security
As we reported last month app collusion, where apps work together to extract sensitive data, now represents a very real security risk to mobile devices.
To address this emerging threat, component technology firm Formaltech, today is releasing FUSE, a DARPA-funded tool that detects inter-application collusion and other vulnerabilities in Android apps.
The FUSE platform identifies potential security vulnerabilities and tracks information flow through multiple apps, revealing potential collusion between apps. The tool uses static binary analysis to detect vulnerabilities without requiring the source code of the apps, allowing security professionals to analyze third party apps without the need for vendor cooperation. It operates in the cloud, supporting Android app (APK) analysis from anywhere. Developers and testers can easily drill down into the FUSE interface when FUSE displays errors, warnings and informational alarms.