FUSE: Multi-app Analysis

Field Unit Security Enforcer (FUSE) is a DARPA-funded tool to help security analysts see how a collection of apps operates together in the context of a full device image. FUSE is one component of an all-inclusive mobile device audit. FUSE provides an overview of a collection of apps, showing the potential data flows within that collection.


FUSE was funded by the DARPA program TransApps.

App Collusion: Subtle Exfiltration

FUSE combines information from the static analysis of multiple apps to give security analysts the ability to quickly see where collusion or other undesirable interaction may occur—interactions that no single-app analysis can reveal. Analysts can combine the information from the resulting visual data flow graphs with their expert domain knowledge to focus their attention on the applications that pose the greatest risk.

The FUSE tool is also interactive: Analysts can filter different types of data flow, select subsets of apps, and dive into the details, revealing the bytecode locations responsible for data transfer.
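The sketch below is an added illustration of why merging per-app results matters; it is not FUSE code or FUSE's algorithm. The flow-summary format, the package names and the method names are all constructed for the example. Analysed alone, the first app has no path from a sensitive source to a sink, but once both apps' edges are merged a contacts-to-network path appears.

```python
from collections import deque

# Constructed per-app flow summaries (assumed format, not FUSE output).
# Each edge: (from_node, to_node, code location responsible for the transfer).
APP_FLOWS = {
    "com.example.notes": [
        ("src:CONTACTS", "intent:com.example.SHARE", "NotesSync.export()"),
    ],
    "com.example.weather": [
        ("intent:com.example.SHARE", "sink:NETWORK", "ShareReceiver.onReceive()"),
        ("src:LOCATION", "sink:NETWORK", "Forecast.fetch()"),
    ],
}


def build_graph(app_flows):
    """Merge every app's edges into one graph keyed by the node data leaves."""
    graph = {}
    for app, edges in app_flows.items():
        for src, dst, where in edges:
            graph.setdefault(src, []).append((dst, app, where))
    return graph


def find_paths(app_flows):
    """Return (source, sink, hops) per source-to-sink path; hops are (app, location)."""
    graph = build_graph(app_flows)
    results = []
    for start in [n for n in graph if n.startswith("src:")]:
        queue = deque([(start, [], {start})])
        while queue:
            node, hops, seen = queue.popleft()
            if node.startswith("sink:"):
                results.append((start, node, hops))
                continue
            for dst, app, where in graph.get(node, []):
                if dst not in seen:  # do not loop through intent cycles
                    queue.append((dst, hops + [(app, where)], seen | {dst}))
    return results


def cross_app_paths(app_flows):
    """Keep only paths whose hops span more than one app."""
    return [p for p in find_paths(app_flows) if len({app for app, _ in p[2]}) > 1]


if __name__ == "__main__":
    for source, sink, hops in cross_app_paths(APP_FLOWS):
        print(source, "->", sink, "via", hops)
```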

No Source Needed

The FUSE analysis runs on compiled Android APKs, so you can run FUSE on any Android application, and it integrates seamlessly into your existing development workflows.

FUSE also works with third-party apps because it operates on APKs directly, with full support for all the FUSE features:

  • Examine all data flow paths possible in a collection of Android apps.
  • Identify the specific methods responsible for data flows.
  • Filter by customizing the visible data flow types and hiding trusted nodes to focus on potentially dangerous capabilities.

This seems like a very useful tool indeed. Nice work! I feel like I can get a very quick assessment of what apps are "working" with other apps in the kit.

— Android Security Analyst