Many Android apps leak user privacy data

A recent test of prototype security code for Android phones found that 15 of 30 free Android Market applications sent users' private information to remote advertising servers

A recent test of prototype security code for Android phones found that 15 of 30 free Android Market applications sent users' private information to remote advertising servers, without the users being aware of what was being sent or to whom. In some cases, the user's location data was sent as often as every 30 seconds.

Android software piracy rampant despite Google's efforts to curb

The software, called TaintDroid, was designed to uncover how user-permitted applications actually access and use private or sensitive data, including location, phone numbers and even SIM card identifiers, and to notify users within seconds. The findings suggest that Android, and other phone operating systems, need to do more to monitor what third-party applications are doing under the covers of smartphones.

TaintDroid is a joint effort by Peter Gilbert and Landon Cox, Duke University; Jaeyeon Jung, Byung-Gon Chun and Anmol Sheth, of Intel Labs; and William Enck and Patrick McDaniel, of Penn State University. The team's paper, "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones" is online and is being presented next week at the USENIX Symposium on Operating Systems Design and Implementation (OSDI).

The team's resources on "Realtime Privacy Monitoring on Smartphones" can be found online. And an FAQ gives a quick summary of the TaintDroid project.

Smartphone apps can combine data from remote cloud services with data pulled from the phone and its sensors, such as GPS receiver, camera, accelerometer, and microphone. And there are legitimate reasons for applications to access a range of user privacy data.

But today, Android, and other mobile operating systems, offer only basic controls: users can allow or not allow an application to access such information. But they can't control how that data is subsequently used by the application. The online Android Market passed the 50,000 apps milestone last April.

"For example, if a user allows an application to access her location information, she has no way of knowing if the application will send her location to a location-based service, to advertisers, to the application developer, or to any other entity," the authors note. "As a result, users must blindly trust that applications will properly handle their private data. This lack of transparency forces users to blindly trust that applications will properly handle private data."

A controversial study released in June 2010 by smartphone security vendor SMobile (just acquired by Juniper) said that 20% of Android applications were seeking access to sensitive data. The report was trumpeted in an barrage of scare headlines implying the applications therefore were unsafe. (Network World's own headline was a more circumspect: "20 percent of Android apps can threaten privacy, says vendor".)  Many Android developers noted that users explicitly grant permission to these applications, and access to such data is often necessary

But the TaintDroid project digs deeper: the question is, once access is granted, what actually does the application do with the data?

TaintDroid begins with the assumption that every one of those 50,000 applications can't be trusted. Technically, says Duke's Peter Gilbert, TaintDroid is an extension to Android's virtual machine, called Dalvik, on which Android apps actually run. "In order to use TaintDroid, one must install our custom-built firmware," he says.

The code uses a technique called "dynamic tainting analysis," essentially labeling ("tainting") specific sensitive data, and then tracking the propagation of that data through files, programs and interprocess messages.

When tainted data are sent over the network, or leave the system in any way, TaintDroid logs the labels, the application responsible for the transmission and the transmission's destination. It creates a simple text alert for the user, showing what information was sent, and to whom.

"The current notification UI is just a preliminary prototype that we built to demo the TaintDroid system," says Jaeyeon Jung, research scientist with Intel Labs Seattle. "The research is well underway to build a privacy interface through which users can configure privacy settings and control data exposure on smartphones."

The prototype code was tested against 30 randomly selected, popular Android apps that use location, camera, or microphone data. The software flagged 105 instances in which these applications transmitted tainted data. The researchers concluded that 37 of those instances – just over one-third -- were legitimate. Fifteen of the apps reported users' locations to remote advertising servers. Seven collected the device ID and, sometimes, the phone number and the phone’s SIM card serial number.

"In all, two thirds of the applications in our study used sensitive data suspiciously," the paper concludes.

TaintDroid's information flow tracking is not foolproof: it can be circumvented by using what are called "implicit flows" to "leak" the data, according to the paper. The very use of implicit flows is an indicator of malicious intent, say the authors, who outline some countermeasures that can be applied.

One challenge in taint tracking is making it efficient, and the TaintDroid team focused a lot of work on using as few CPU cycles as possible. The researchers tested TaintDroid's performance, and found it created a runtime overhead of less than 14% in a CPU-bound benchmark.

John Cox covers wireless networking and mobile computing for Network World.

Twitter: http://twitter.com/johnwcoxnww

Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed

Read more about anti-malware in Network World's Anti-malware section.

Join the PC World newsletter!

Error: Please check your email address.

Tags Googleconsumer electronicssecurityNetworkingPhonessmartphoneswirelessDuke Universityintel

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Cox

Network World

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?