Many Android apps leak user privacy data

A recent test of prototype security code for Android phones found that 15 of 30 free Android Market applications sent users' private information to remote advertising servers

A recent test of prototype security code for Android phones found that 15 of 30 free Android Market applications sent users' private information to remote advertising servers, without the users being aware of what was being sent or to whom. In some cases, the user's location data was sent as often as every 30 seconds.

Android software piracy rampant despite Google's efforts to curb

The software, called TaintDroid, was designed to uncover how user-permitted applications actually access and use private or sensitive data, including location, phone numbers and even SIM card identifiers, and to notify users within seconds. The findings suggest that Android, and other phone operating systems, need to do more to monitor what third-party applications are doing under the covers of smartphones.

TaintDroid is a joint effort by Peter Gilbert and Landon Cox, Duke University; Jaeyeon Jung, Byung-Gon Chun and Anmol Sheth, of Intel Labs; and William Enck and Patrick McDaniel, of Penn State University. The team's paper, "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones" is online and is being presented next week at the USENIX Symposium on Operating Systems Design and Implementation (OSDI).

The team's resources on "Realtime Privacy Monitoring on Smartphones" can be found online. And an FAQ gives a quick summary of the TaintDroid project.

Smartphone apps can combine data from remote cloud services with data pulled from the phone and its sensors, such as GPS receiver, camera, accelerometer, and microphone. And there are legitimate reasons for applications to access a range of user privacy data.

But today, Android, and other mobile operating systems, offer only basic controls: users can allow or not allow an application to access such information. But they can't control how that data is subsequently used by the application. The online Android Market passed the 50,000 apps milestone last April.

"For example, if a user allows an application to access her location information, she has no way of knowing if the application will send her location to a location-based service, to advertisers, to the application developer, or to any other entity," the authors note. "As a result, users must blindly trust that applications will properly handle their private data. This lack of transparency forces users to blindly trust that applications will properly handle private data."

A controversial study released in June 2010 by smartphone security vendor SMobile (just acquired by Juniper) said that 20% of Android applications were seeking access to sensitive data. The report was trumpeted in an barrage of scare headlines implying the applications therefore were unsafe. (Network World's own headline was a more circumspect: "20 percent of Android apps can threaten privacy, says vendor".)  Many Android developers noted that users explicitly grant permission to these applications, and access to such data is often necessary.

But the TaintDroid project digs deeper: the question is, once access is granted, what actually does the application do with the data?

TaintDroid begins with the assumption that every one of those 50,000 applications can't be trusted. Technically, says Duke's Peter Gilbert, TaintDroid is an extension to Android's virtual machine, called Dalvik, on which Android apps actually run. "In order to use TaintDroid, one must install our custom-built firmware," he says.

The code uses a technique called "dynamic tainting analysis," essentially labeling ("tainting") specific sensitive data, and then tracking the propagation of that data through files, programs and interprocess messages.

When tainted data are sent over the network, or leave the system in any way, TaintDroid logs the labels, the application responsible for the transmission and the transmission's destination. It creates a simple text alert for the user, showing what information was sent, and to whom.

"The current notification UI is just a preliminary prototype that we built to demo the TaintDroid system," says Jaeyeon Jung, research scientist with Intel Labs Seattle. "The research is well underway to build a privacy interface through which users can configure privacy settings and control data exposure on smartphones."

The prototype code was tested against 30 randomly selected, popular Android apps that use location, camera, or microphone data. The software flagged 105 instances in which these applications transmitted tainted data. The researchers concluded that 37 of those instances – just over one-third -- were legitimate. Fifteen of the apps reported users' locations to remote advertising servers. Seven collected the device ID and, sometimes, the phone number and the phone’s SIM card serial number.

"In all, two thirds of the applications in our study used sensitive data suspiciously," the paper concludes.

TaintDroid's information flow tracking is not foolproof: it can be circumvented by using what are called "implicit flows" to "leak" the data, according to the paper. The very use of implicit flows is an indicator of malicious intent, say the authors, who outline some countermeasures that can be applied.

One challenge in taint tracking is making it efficient, and the TaintDroid team focused a lot of work on using as few CPU cycles as possible. The researchers tested TaintDroid's performance, and found it created a runtime overhead of less than 14% in a CPU-bound benchmark.

John Cox covers wireless networking and mobile computing for Network World.

Twitter: http://twitter.com/johnwcoxnww

Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed

Read more about anti-malware in Network World's Anti-malware section.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags consumer electronicsGoogleNetworkingsecuritywirelesssmartphonesPhonesDuke Universityintel

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Cox

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?