Abstract
Today's smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their privacy-sensitive data. We address these shortcomings with TaintDroid, an efficient, systemwide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides real-time analysis by leveraging Android's virtualized execution environment. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of misappropriation of users' location and device identification information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications.
Original language | English (US) |
---|---|
Pages (from-to) | 99-106 |
Number of pages | 8 |
Journal | Communications of the ACM |
Volume | 57 |
Issue number | 3 |
DOIs | |
State | Published - Mar 2014 |
All Science Journal Classification (ASJC) codes
- General Computer Science