A Practical Compartmentation Approach for the Android App Coexistence

Android operation system (OS) provides a number of covert and overt communication channels between applications. This significant promotes inter-app collaboration and reduces development time and cost by facilitating component reuse. Unfortunately, inter-app communication has been shown to be vulnerable to privilege escalation attacks, such as confused deputy attacks, collusion attacks. It is an economic and effective method to mitigate privilege escalation attacks by isolation. However, it is unclear which apps should be put together in the same compartment. In addition, users rely on some inter-app collaborations to provide services. This paper seeks a practice isolation approach which keeps app usage patterns and mitigates security threats from inter-app communication for apps coexistence. To this end, we introduce association rules to mine practical app usage patterns which users like to put some apps together on the same device and rely on the collaboration between these apps to provide services. In addition, we propose inter-app communication analysis to filter out uninteresting rules. Furthermore, we propose a security compartmentation approach that segregates apps into isolated groups and keeps practical app usage patterns in compartments. The method leverages a risk assessment method which assesses the perils of apps coexistence and conveys compartmentation problem to knapsack problem. Our experiments used 3 classical heuristic algorithms to solve the knapsack problem and discuss how good compartmentation solutions can be obtained.