AppHolmes: Detecting and Characterizing App Collusion among Third-Party Android Markets

Author(s): Mengwei Xu, Yun Ma, Xuanzhe Liu, Felix Xiaozhu Lin, Yunxin Liu
Venue: International Conference on World Wide Web
Date: April 2017

Type of Experiment: Case Study
Sample Size: 10000
Class/Experience Level: Other
Participant Selection: Selected 10,000 apps from Baidu, Tencent, and Wandoujia app stores
Data Collection Method: Observation


This study aimed to discover how common "collusion" is between apps from third-party Android markets. Collusion is defined as an app that the user opens launching another app in the background, without the user's permission. To help with this analysis, the authors created a tool called "AppHolmes", which uses static analysis to determine when apps make calls to launch other apps. Two things that I found interesting were the conclusions about the resources that background apps can take up: for every foreground app, the background apps can lead to 202 MB of memory usage and 9% more CPU usage, and battery life is reduced by 57%.

The main reason for this background app usage also turned out not to be malicious coding by the app developers; in 77% of cases it was due to the use of third-party push services. This can teach us not to always blindly trust the third-party libraries that we are using, and to make sure we implement them correctly; otherwise performance may suffer.