DroidData: Tracking and Monitoring Data Transmission in the Android Operating System

Most of the millions of Android users worldwide use applications from the official Android market (Google Play store) and unregulated alternative markets to get more functionality from their devices. Many of these applications transmit sensitive data stored on the device, either maliciously or accidentally, to outside networks. In this paper, we will study the ways that Android applications transmit data to outside servers and propose a user-friendly application, DroidData, to inform the user of these security risks and protect the user from them. We will use tools such as TaintDroid, AppIntent, and Securacy to propose an application that reveals what types of data are being transmitted from apps, the location to which the data is being transmitted, whether the data is being transmitted through a secure channel (such as HTTPS), and whether the user is aware that the information is being transmitted. The application will generate a report that allows the user to block the application that leaks sensitive information. In doing so, we will examine the importance, relevance, and prevalence of these Android data security issues.

[1] Yves Le Traon, et al. Automatically securing permission-based software by reducing the attack surface: an application to Android, 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[2] Heng Yin, et al. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis, 2012, USENIX Security Symposium.

[3] Hao Chen, et al. AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale, 2012, TRUST.

[4] Jedidiah McClurg, et al. Leak Detection via Dynamic Taint Analysis, 2012.

[5] Songwu Lu, et al. Accounting for roaming users on mobile data access: issues and root causes, 2013, MobiSys '13.

[6] Eric Bodden, et al. SuSi: A Tool for the Fully Automated Classification and Categorization of Android Sources and Sinks, 2013.

[7] Yuan Zhang, et al. AppIntent: analyzing sensitive data transmission in android for privacy leakage detection, 2013, CCS.

[8] Jacques Klein, et al. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps, 2014, PLDI.

[9] Nikolay Elenkov. Android Security Internals: An In-Depth Guide to Android's Security Architecture, 2014.

[10] Carol J. Fung, et al. A Survey of Android Security Threats and Defenses, 2015, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl.

[11] Keqin Li, et al. Implicit flows in malicious and nonmalicious code, 2010, Logics and Languages for Reliability and Security.

[12] Muttukrishnan Rajarajan, et al. Android Security: A Survey of Issues, Malware Penetration, and Defenses, 2015, IEEE Communications Surveys & Tutorials.

[13] Denzil Ferreira, et al. Securacy: an empirical investigation of Android applications' network usage, privacy and security, 2015, WISEC.

[14] Byung-Gon Chun, et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, 2010, OSDI.