View article

Android is a popular Linux-based smartphone operating system designed by Google. One of the primary adantages of Android is its relatively high level of security, centered on Unix processes and an explicit permissions system. Unfortunately, Android devices are still vulnerable to several types of attacks, a particularly concerning one being privacy leaks. Since devices store a large amount of sensitive information, it is important that this information not be leaked via internet connections or SMS messaging. We propose an integrated system to detect such privacy leaks via dynamic taint analysis. We have built a PC-based Java application to instrument apps with taint propagation functionality, and a proof-of-concept Android app to demonstrate that this system could conceivably be run on the device. The results of running several instrumented apps show that the system is effective at detecting privacy leakage with relatively minimal overhead.