TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
William Enck,Peter Gilbert,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +6 more
- pp 393-407
Reads0
Chats0
TLDR
Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.Abstract:
Today's smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides realtime analysis by leveraging Android's virtualized execution environment. TaintDroid incurs only 14% performance overhead on a CPU-bound micro-benchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of potential misuse of users' private information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications.read more
Citations
More filters
Proceedings ArticleDOI
The Spyware Used in Intimate Partner Violence
Rajdeep Mohan Chatterjee,Periwinkle Doerfler,Hadas Orgad,Sam Havron,Jackeline Palmer,Diana Freed,Karen Levy,Nicola Dell,Damon McCoy,Thomas Ristenpart +9 more
TL;DR: This work designs, implements, and evaluates a measurement pipeline that combines web and app store crawling with machine learning to find and label apps that are potentially dangerous in IPS contexts, and identifies several hundred IPS-relevant apps.
Journal ArticleDOI
Conceptual framework for the security of mobile health applications on Android platform
Muzammil Hussain,A. A. Zaidan,B.B. Zidan,S. Iqbal,Mohammad Masroor Ahmed,Osamah Shihab Albahri,Ahmed Shihab Albahri +6 more
TL;DR: A conceptual framework to improve the security of medical data associated with Android mHealth applications, as well as to protect the privacy of their users is presented.
Journal ArticleDOI
Application Collusion Attack on the Permission-Based Security Model and its Implications for Modern Smartphone Systems
TL;DR: It is shown that the way in which permission-based mechanisms are used on today's mobile platforms enables attacks by colluding applications that communicate over overt and covert communication channels, and that application permissions should be displayed to the users differently, reflecting their actual implications.
Proceedings ArticleDOI
PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices
Yihang Song,Urs Hengartner +1 more
TL;DR: This work presents PrivacyGuard, an open-source VPN-based platform for intercepting the network traffic of applications, and investigates its use for detecting the leakage of multiple types of sensitive data, such as a phone's IMEI number or location data.
Journal ArticleDOI
Steganography in Modern Smartphones and Mitigation Techniques
TL;DR: This paper surveys the state of the art of steganographic techniques for smartphones, with emphasis on methods developed over the period 2005 to the second quarter of 2014, and showcases the most popular software applications to embed secret data into carriers.
References
More filters
Journal ArticleDOI
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
William Enck,Peter Gilbert,Seungyeop Han,Vasant Tendulkar,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +8 more
TL;DR: TaintDroid as mentioned in this paper is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data by leveraging Android's virtualized execution environment.
Journal ArticleDOI
Language-based information-flow security
Andrei Sabelfeld,Andrew C. Myers +1 more
TL;DR: A structured view of research on information-flow security is given, particularly focusing on work that uses static program analysis to enforce information- flow policies, and some important open challenges are identified.
Journal ArticleDOI
A lattice model of secure information flow
TL;DR: The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches to formulating the requirements of secure information flow among security classes.
Proceedings Article
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
James Newsome,Dawn Song +1 more
TL;DR: TaintCheck as mentioned in this paper performs dynamic taint analysis by performing binary rewriting at run time, which can reliably detect most types of exploits and produces no false positives for any of the many different programs that were tested.
Proceedings ArticleDOI
JFlow: practical mostly-static information flow control
TL;DR: The new language JFlow is described, an extension to the Java language that adds statically-checked information flow annotations and provides several new features that make information flow checking more flexible and convenient than in previous models.