TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
William Enck,Peter Gilbert,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +6 more
- pp 393-407
Reads0
Chats0
TLDR
Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.Abstract:
Today's smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides realtime analysis by leveraging Android's virtualized execution environment. TaintDroid incurs only 14% performance overhead on a CPU-bound micro-benchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of potential misuse of users' private information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications.read more
Citations
More filters
Proceedings ArticleDOI
Detecting sensitive data disclosure via bi-directional text correlation analysis
TL;DR: BidText is a novel static technique to detect sensitive data disclosures that is evaluated on 10,000 Android apps and features a novel bi-directional propagation technique that propagates the variable label sets through forward and backward data-flow.
Proceedings ArticleDOI
On the energy overhead of mobile storage systems
TL;DR: A storage energy model for mobile platforms is proposed to help developers optimize the energy requirements of storage intensive applications and a few optimizations are proposed to reduce the energy consumption of storage systems on these platforms.
Tracking the Trackers: Towards Understanding the MobileAdvertising and Tracking Ecosystem
Narseo Vallina-Rodriguez,Srikanth Sundaresan,Abbas Razaghpanah,Rishab Nithyanand,Mark Allman,Christian Kreibich,Phillipa Gill +6 more
Abstract: Third-party services form an integral part of the mobile ecosystem: they allow app developers to add features such as performance analytics and social network integration, and to monetize their apps by enabling user tracking and targeted ad delivery. At present users, researchers, and regulators all have at best limited understanding of this third-party ecosystem. In this paper we seek to shrink this gap. Using data from users of our ICSI Haystack app we gain a rich view of the mobile ecosystem: we identify and characterize domains associated with mobile advertising and user tracking, thereby taking an important step towards greater transparency. We furthermore outline our steps towards a public catalog and census of analytics services, their behavior, their personal data collection processes, and their use across mobile apps.
Proceedings ArticleDOI
Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications
TL;DR: This paper designs and implements OPAnalyzer, a static analysis tool which can effectively identify and characterize vulnerable open port usage in Android applications, and successfully classifies 99% of the mobile usage of open ports into 5 distinct families.
Journal ArticleDOI
Towards Model Checking Android Applications
Guangdong Bai,Quanqi Ye,Yongzheng Wu,Heila Botha,Jun Sun,Yang Liu,Jin Song Dong,Willem Visser +7 more
TL;DR: DroidPF precisely identifies nearly all of the previously known security issues and nine previously unreported vulnerabilities/bugs in Android apps, including sensitive data leakage involving a non-trivial flow- and context-sensitive taint-style analysis.
References
More filters
Journal ArticleDOI
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
William Enck,Peter Gilbert,Seungyeop Han,Vasant Tendulkar,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +8 more
TL;DR: TaintDroid as mentioned in this paper is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data by leveraging Android's virtualized execution environment.
Journal ArticleDOI
Language-based information-flow security
Andrei Sabelfeld,Andrew C. Myers +1 more
TL;DR: A structured view of research on information-flow security is given, particularly focusing on work that uses static program analysis to enforce information- flow policies, and some important open challenges are identified.
Journal ArticleDOI
A lattice model of secure information flow
TL;DR: The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches to formulating the requirements of secure information flow among security classes.
Proceedings Article
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
James Newsome,Dawn Song +1 more
TL;DR: TaintCheck as mentioned in this paper performs dynamic taint analysis by performing binary rewriting at run time, which can reliably detect most types of exploits and produces no false positives for any of the many different programs that were tested.
Proceedings ArticleDOI
JFlow: practical mostly-static information flow control
TL;DR: The new language JFlow is described, an extension to the Java language that adds statically-checked information flow annotations and provides several new features that make information flow checking more flexible and convenient than in previous models.