Analyzing Covert Channels on Mobile Devices

In this work we investigate the problem of stealthy communication between colluding applications on smartphones running the popular Android operating system. Through collusion, applications can cooperatively perform operations they would not be able to perform separately, thus escalating their privileges. This can result in privacy infringements and user data leakage. In order to collude, the two applications must communicate in a way that can bypass the application isolation put in place by the operating system. Throughout this thesis we present different ways to bypass the isolation and thereby allow application collusion. As covert channels are by definition harder to implement but also harder to detect, we use them to create a circumvention that is harder to defeat. To understand the full extent of this problem, we implement very different overt and covert channels and analyse them by testing their throughput, bit-error percentage and synchronisation time. Using our implemented channels we analyse some previously existing countermeasures, in particular TaintDroid and XManDroid, and comment on the countermeasures strengths and limitations. Finally we use the lessons learned from implementing these channels and propose individual countermeasures, which can reduce the feasibility of creating such channels. In this scenario preventing hidden communication channels remains an open problem that we believe the research community should put more focus on.