15 Aug Sneaky App Developers May Leverage Intra-Library Collusion to Collect Data
Researchers from Oxford state that attackers, as well as advertisers, may begin to exploit a feature called “intra-library collusion” (ILC) in mobile OSes to collect private information in smartphones.
ILC allows individual libraries to get greater privileges by virtue of being embedded within multiple apps that have their own distinct set of permissions. The researchers say that since this is a feature and not a bug, it can give underhanded ad networks opportunities to improve data collection without needing extra permissions from users.
They also note that in such scenarios, sneaky app developers may not want to support library privilege separation since it can have a negative impact on their profits.
Source: The Register