TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
William Enck,Peter Gilbert,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +6 more
- pp 393-407
Reads0
Chats0
TLDR
Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.Abstract:
Today's smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides realtime analysis by leveraging Android's virtualized execution environment. TaintDroid incurs only 14% performance overhead on a CPU-bound micro-benchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of potential misuse of users' private information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications.read more
Citations
More filters
Journal ArticleDOI
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
William Enck,Peter Gilbert,Seungyeop Han,Vasant Tendulkar,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +8 more
TL;DR: TaintDroid as mentioned in this paper is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data by leveraging Android's virtualized execution environment.
Proceedings ArticleDOI
Dissecting Android Malware: Characterization and Evolution
Yajin Zhou,Xuxian Jiang +1 more
TL;DR: Systematize or characterize existing Android malware from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software.
Proceedings ArticleDOI
DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket.
TL;DR: DREBIN is proposed, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone and outperforms several related approaches and detects 94% of the malware with few false alarms.
Proceedings ArticleDOI
FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
Steven Arzt,Siegfried Rasthofer,Christian Fritz,Eric Bodden,Alexandre Bartel,Jacques Klein,Yves Le Traon,Damien Octeau,Patrick McDaniel +8 more
TL;DR: FlowDroid is presented, a novel and highly precise static taint analysis for Android applications that successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project.
Proceedings ArticleDOI
Android permissions: user attention, comprehension, and behavior
TL;DR: It is found that current Android permission warnings do not help most users make correct security decisions, however, a notable minority of users demonstrated both awareness of permission warnings and reasonable rates of comprehension.
References
More filters
Proceedings ArticleDOI
Practical taint-based protection using demand emulation
TL;DR: This paper demonstrates the use of a well-known technique, data tainting, to track data received from the network as it propagates through a system and to prevent its execution, and demonstrates the ability to dynamically switch a running system between virtualized and emulated execution.
Proceedings ArticleDOI
Practical and lightweight domain isolation on Android
Sven Bugiel,Lucas Davi,Alexandra Dmitrienko,Stephan Heuser,Ahmad-Reza Sadeghi,Bhargava Shastry +5 more
TL;DR: The design and implementation of the TrustDroid framework, which in contrast to existing solutions enables isolation at different layers of the Android software stack, accurately addresses the demands of the business world, namely to isolate data and applications of different trust levels in a practical and lightweight way.
Proceedings ArticleDOI
Improving application security with data flow assertions
TL;DR: Using Resin, Web application programmers can prevent a range of problems, from SQL injection and cross-site scripting, to inadvertent password disclosure and missing access control checks, by allowing programmers to specify application-level data flow assertions.
Journal ArticleDOI
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
TL;DR: A new highly automated approach for protecting Web applications against SQL injection that has both conceptual and practical advantages over most existing techniques is presented and implemented in the Web application SQL-injection preventer tool.
Proceedings ArticleDOI
Quantitative information flow as network flow capacity
TL;DR: A new technique for determining how much information about a program's secret inputs is revealed by its public outputs is presented, which achieves a more precise quantitative result by computing a maximum flow of information between the inputs and outputs.