Android users know the routine: download an app and a box appears asking for permission to talk to other apps. Knowing that the app needs that access to work properly, the user clicks “OK” without a second thought. But what happens when one app abuses that access to tamper with another?
The answer, according to Oxford University researchers Vincent Taylor, Alastair Beresford and Ivan Martinovic, is that the Android device itself can be compromised and the user’s data stolen. They call this kind of attack intra-library collusion (ILC) and describe it this way in a paper they published on August 11: