TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones

Today's smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their privacy-sensitive data. We address these shortcomings with TaintDroid, an efficient, systemwide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides real-time analysis by leveraging Android's virtualized execution environment. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of misappropriation of users' location and device identification information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications.

[1]  Landon P. Cox,et al.  RedFlag: Reducing Inadvertent Leaks by Personal Machines , 2009 .

[2]  Andrew Warfield,et al.  Practical taint-based protection using demand emulation , 2006, EuroSys.

[3]  Bei Yu,et al.  TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting , 2006, 11th IEEE Symposium on Computers and Communications (ISCC'06).

[4]  William Enck,et al.  Preventing accidental data disclosure in modern operating systems , 2013, CCS.

[5]  Ross J. Anderson,et al.  Aurasium: Practical Policy Enforcement for Android Applications , 2012, USENIX Security Symposium.

[6]  David M. Eyers,et al.  DEFCON: High-Performance Event Processing with Information Security , 2010, USENIX Annual Technical Conference.

[7]  Michael Franz,et al.  Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[8]  Donald E. Porter,et al.  Laminar: practical fine-grained decentralized information flow control , 2009, PLDI '09.

[9]  Tzi-cker Chiueh,et al.  A General Dynamic Information Flow Tracking Framework for Security Applications , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[10]  Landon P. Cox,et al.  TightLip: Keeping Applications from Spilling the Beans , 2007, NSDI.

[11]  Cheng Wang,et al.  LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).

[12]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[13]  Yang Tang,et al.  CleanOS: Limiting Mobile Data Exposure with Idle Eviction , 2012, OSDI.

[14]  Shashi Shekhar,et al.  QUIRE: Lightweight Provenance for Smart Phone Operating Systems , 2011, USENIX Security Symposium.

[15]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[16]  Jon G. Riecke,et al.  The SLam calculus: programming with secrecy and integrity , 1998, POPL '98.

[17]  R. Sekar,et al.  Efficient fine-grained binary instrumentationwith applications to taint-tracking , 2008, CGO '08.

[18]  Andrew C. Myers,et al.  JFlow: practical mostly-static information flow control , 1999, POPL '99.

[19]  Hao Chen,et al.  RetroSkeleton: retrofitting android apps , 2013, MobiSys '13.

[20]  Yajin Zhou,et al.  Taming Information-Stealing Smartphone Applications (on Android) , 2011, TRUST.

[21]  Giovanni Vigna,et al.  Using Labeling to Prevent Cross-Service Attacks Against Smart Phones , 2006, DIMVA.

[22]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[23]  Christopher Krügel,et al.  Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.

[24]  Heng Yin,et al.  DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis , 2012, USENIX Security Symposium.

[25]  Steven Hand,et al.  Proceedings of the 25th Symposium on Operating Systems Principles , 2015, SOSP.

[26]  Boniface Hicks,et al.  From Languages to Systems: Understanding Practical Application Development in Security-typed Languages , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[27]  Peter J. Denning,et al.  Certification of programs for secure information flow , 1977, CACM.

[28]  Miguel Castro,et al.  Vigilante: end-to-end containment of internet worms , 2005, SOSP '05.

[29]  Alessandro Orso,et al.  WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation , 2008, IEEE Transactions on Software Engineering.

[30]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[31]  Stephen McCamant,et al.  Measuring channel capacity to distinguish undue influence , 2009, PLAS '09.

[32]  Trent Jaeger,et al.  Implicit Flows: Can't Live with 'Em, Can't Live without 'Em , 2008, ICISS.

[33]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[34]  Stephen McCamant,et al.  Quantitative information flow as network flow capacity , 2008, PLDI '08.

[35]  Dawn Xiaodong Song,et al.  TaintEraser: protecting sensitive data leaks using application-level taint tracking , 2011, OPSR.

[36]  Apu Kapadia,et al.  Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones , 2011, NDSS.

[37]  Ahmad-Reza Sadeghi,et al.  XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks , 2011 .

[38]  Tal Garfinkel,et al.  Understanding data lifetime via whole system simulation , 2004 .

[39]  David Brumley,et al.  All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.

[40]  Alastair R. Beresford,et al.  MockDroid: trading privacy for application functionality on smartphones , 2011, HotMobile '11.

[41]  Guilherme Ottoni,et al.  RIFLE: An Architectural Framework for User-Centric Information-Flow Security , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).

[42]  Swarat Chaudhuri,et al.  A Study of Android Application Security , 2011, USENIX Security Symposium.

[43]  Stephen Smalley,et al.  Security Enhanced (SE) Android: Bringing Flexible MAC to Android , 2013, NDSS.

[44]  David Wetherall,et al.  Privacy oracle: a system for finding application leaks with black box differential testing , 2008, CCS.

[45]  James Newsome,et al.  Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[46]  Helen J. Wang,et al.  Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.

[47]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[48]  Ahmad-Reza Sadeghi,et al.  Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies , 2013, USENIX Security Symposium.

[49]  Alessandro Orso,et al.  Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.

[50]  Heng Yin,et al.  Panorama: capturing system-wide information flow for malware detection and analysis , 2007, CCS '07.

[51]  Heng Yin,et al.  Dynamic Spyware Analysis , 2007, USENIX Annual Technical Conference.

[52]  Wei Xu,et al.  Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks , 2006, USENIX Security Symposium.

[53]  Wouter Joosen,et al.  Security-by-contract on the .NET platform , 2008, Inf. Secur. Tech. Rep..

[54]  Sheng Liang,et al.  Java Native Interface: Programmer's Guide and Specification , 1999 .

[55]  Bi Wu,et al.  SpanDex: Secure Password Tracking for Android , 2014, USENIX Security Symposium.

[56]  Ninghui Li,et al.  PRECIP: Towards Practical and Retrofittable Confidential Information Protection , 2008, NDSS.

[57]  Stephen McCamant,et al.  DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation , 2011, NDSS.

[58]  Andrew C. Myers,et al.  Protecting privacy using the decentralized label model , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[59]  Xuxian Jiang,et al.  Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[60]  Mauro Conti,et al.  CRePE: Context-Related Policy Enforcement for Android , 2010, ISC.

[61]  Patrick D. McDaniel,et al.  Semantically Rich Application-Centric Security in Android , 2009, 2009 Annual Computer Security Applications Conference.

[62]  Dawn Song,et al.  Privacy Scope: A Precise Information Flow Tracking System For Finding Application Leaks , 2009 .

[63]  Ahmad-Reza Sadeghi,et al.  Practical and lightweight domain isolation on Android , 2011, SPSM '11.

[64]  Jon Howell,et al.  What You See is What They Get: Protecting users from unwanted use of microphones, cameras, and other sensors , 2010 .

[65]  Eddie Kohler,et al.  Making information flow explicit in HiStar , 2006, OSDI '06.

[66]  Frederic T. Chong,et al.  Minos: Control Data Attack Prevention Orthogonal to Memory Model , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).

[67]  Herbert Bos,et al.  Pointless tainting?: evaluating the practicality of pointer tainting , 2009, EuroSys '09.

[68]  Michael Franz,et al.  Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[69]  Xi Wang,et al.  Improving application security with data flow assertions , 2009, SOSP '09.

[70]  Byung-Gon Chun,et al.  Vision: automated security validation of mobile apps at app markets , 2011, MCS '11.

[71]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[72]  Andrew S. Tanenbaum,et al.  A Virtual Machine Based Information Flow Control System for Policy Enforcement , 2008, Electron. Notes Theor. Comput. Sci..

[73]  Eddie Kohler,et al.  Information flow control for standard OS abstractions , 2007, SOSP.

[74]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.