A. Contribution

  1. Problem addressed by the paper

Providing smartphone users with more control over and visibility into how third party applications utilize their private information.

  1. Solution proposed in the paper. Why is it better than previous work?

Variable level taint tracking implemented as Android firmware, system wide. Previous works cannot track sensitive information within untrusted applications. Other previous works cannot track sensitive information if encrypted. Others require careful development and often incompatible with legacy software design.

  1. The major results

Successfully reveals that two-third of 30 applications tested showed suspicious handling of users’ private data and 15 of them reported user’s locations to remote advertising servers. TaintDroid also does those with low performance overhead.

B. Basic idea and approach. How does the solution work?

The authors implemented an Android firmware which provides variable-level taint marking for sensitive information and then track those information flow system-wide. Then the authors tested TaintDroid to monitor the behavior of 30 popular applications which require permission to access internet along with location, camera, and or audio data.


C. Strengths

  1. The authors made their source code open. This will trigger more research and improvement by others.
  2. The authors updated their firmware to support Android 4.3. Although they use Android 2.1 at publication time of the paper (2010). This means they continue working on it.
  3. The paper and firmware has a dedicated web page at appanalysis.org.
  4. Proving that Android itself by default is not enough to protect users’ privacy.

D. Weaknesses

  1. Users have to flash their smartphones in order to use TaintDroid. This is too complicated for end-user.
  2. TaintDroid can still be circumvented by malicious applications that implement implicit data flow. That means some applications that are intended to be malicious can still skip TaintDroid monitoring.
  3. TaintDroid did not monitor all methods available. Only 913 out of 2,844 JNI methods available in Android. There are still 1,931 methods unmonitored.
  4. There are false positives.
  5. No action provided on the notification. Users should be able to act upon notification that an application has a potential privacy leakage. The action could be: to rate the application, to report it as malicious, to report the notification as false positive, or to uninstall the application.

E. Future work, Open issues, possible improvements

  1. Google should use it in their applications submission system. Google can access third party applications source codes. With source code analysis, it could be improved to enumerate information flow for all 2,844 JNI methods available in Android.
  2. Word level taint tags and additional consistency check can provide more accurate propagation for unpacked variables.