TaintDroid

TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. Today’s smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides realtime analysis by leveraging Android’s virtualized execution environment. TaintDroid incurs only 14% performance overhead on a CPU-bound micro-benchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of potential misuse of users’ private information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications.

Keywords for this software

Anything in here will be replaced on browsers that support the canvas element

References in zbMATH (referenced in 9 articles )

Showing results 1 to 9 of 9.
Sorted by year (citations)

  1. Ferrara, Pietro; Olivieri, Luca; Spoto, Fausto: \textsfBackFlow: backward context-sensitive flow reconstruction of taint analysis results (2020)
  2. Sahabandu, Dinuka; Moothedath, Shana; Allen, Joey; Bushnell, Linda; Lee, Wenke; Poovendran, Radha: Stochastic dynamic information flow tracking game with reinforcement learning (2019)
  3. Brett, Noel; Siddique, Umair; Bonakdarpour, Borzoo: Rewriting-based runtime verification for alternation-free HyperLTL (2017)
  4. Skovoroda, A. A.; Gamayunov, D. Y.: Automated static analysis and classification of android malware using permission and API calls models (2017)
  5. Seghir, Mohamed Nassim; Aspinall, David: EviCheck: digital evidence for Android (2015)
  6. Dmitrienko, Alexandra; Liebchen, Christopher; Rossow, Christian; Sadeghi, Ahmad-Reza: On the (in)security of mobile two-factor authentication (2014) ioport
  7. Lourenço, Luísa; Caires, Luís: Information flow analysis for valued-indexed data security compartments (2014)
  8. Zhu, Haiyan; Dillig, Thomas; Dillig, Isil: Automated inference of library specifications for source-sink property verification (2013)
  9. Finnis, Joshua; Saigal, Nalin; Iamnitchi, Adriana; Ligatti, Jay: A location-based policy-specification language for mobile devices (2012) ioport