Runtime detection of privacy leaks in Android smartphone

Abstract

Nowadays, developing Android applications is becoming easier and simpler. More and more new applications are coming out in the Android market, Play Store. At the same time, there are also developers that use their applications as a platform in gathering user’s confidential data. To deter this, TaintDroid, a dynamic taint monitoring system, will be used to detect these kind of privacy violation by applications. The popular and free applications will be the subjects of this experiment. TaintDroid will detect and log down any application that capture user’s confidential data then send it to the network. Likewise, experiment on malware applications will also be conducted. At the same time while doing the experiment, TaintDroid will also be tested on the effectiveness on how well it tracked. The result shows that out of 60 popular applications and 10 malware applications tested, TaintDroid has detected data leakage on these applications. Most of the data collected by the applications were IMEI number, contacts from address book and SMS messages. However, only less than 50 percent of the tested applications send those data out into the network. There are also a few applications that send data in plaintext which is a dangerous way to do. Since messages can be easily intercept during the network transmission. TaintDroid also has some limitation on applications that uses third party native libraries. Applications can also use some methods such as control dependencies to avoid the detection of TaintDroid. This shows that TaintDroid is still far from being a full control tracking system. Therefore, TaintDroid should continue to upgrade its firmware to support the advancing of Android operating system version. At the same time, eliminate those limitations to become a better taint tracking system.