Overview of information flow tracking techniques based on taint analysis for Android

Smartphones today are ubiquitous source of sensitive information. Information leakage instances on the smartphones are on the rise because of exponential growth in smartphone market. Android is the most widely used operating system on smartphones. Many information flow tracking and information leakage detection techniques are developed on Android operating system. Taint analysis is commonly used data flow analysis technique which tracks the flow of sensitive information and its leakage. This paper provides an overview of existing Information flow tracking techniques based on the Taint analysis for android applications. It is observed that static analysis techniques look at the complete program code and all possible paths of execution before its run, whereas dynamic analysis looks at the instructions executed in the program-run in the real time. We provide in depth analysis of both static and dynamic taint analysis approaches.

[1]  Antonio Scarfò,et al.  New Security Perspectives around BYOD , 2012, 2012 Seventh International Conference on Broadband, Wireless Computing, Communication and Applications.

[2]  Bryan McCarthy These Aren't The Drones You're Looking For , 2014 .

[3]  Zhemin Yang,et al.  LeakMiner: Detect Information Leakage on Android with Static Taint Analysis , 2012, 2012 Third World Congress on Software Engineering.

[4]  David Brumley,et al.  All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.

[5]  Byung-Gon Chun,et al.  TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones , 2014, Commun. ACM.

[6]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[7]  Roksana Boreli,et al.  On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[8]  Johannes Köstler,et al.  Kynoid: Real-time enforcement of fine-grained, user-defined, and data-centric security policies for Android , 2013, Inf. Secur. Tech. Rep..

[9]  K. Yi,et al.  Static Analyzer for Detecting Privacy Leaks in Android Applications , 2012 .

[10]  Jeffrey M. Voas,et al.  BYOD: Security and Privacy Considerations , 2012, IT Professional.

[11]  Fernando C. Colón Osorio,et al.  “TrustDroid™”: Preventing the use of SmartPhones for information leaking in corporate networks through the used of static analysis taint tracking , 2012, 2012 7th International Conference on Malicious and Unwanted Software.

[12]  Eric Bodden,et al.  SuSi: A Tool for the Fully Automated Classification and Categorization of Android Sources and Sinks , 2013 .

[13]  Jacques Klein,et al.  Highly precise taint analysis for Android applications , 2013 .

[14]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[15]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.