Commentary
4/14/2011
04:17 PM
George V. Hulme

Researchers Aim To Stop Android Data Leaks

Security capabilities shouldn't need to be bolted onto the mobile operating system, but unfortunately we're headed down the same painful path with smartphones and tablets that we took with desktops and notebooks.

Researchers at North Carolina State University have developed software that aims to protect Android smartphone users' data from being stolen. My question: Is this really necessary?

The answer is probably "yes." But should it be?

Dr. Xuxian Jiang, an assistant professor of computer science at N.C. State and co-author of a paper describing the research, said in a statement, "There are a lot of concerns about potential leaks of personal information from smartphones."

No argument.

And to help Android users regain some control over their information, the team developed software they say will give users flexible control over what personal information is made available to which applications. They've named the software Taming Information-Stealing Smartphone Applications, or TISSA.

In their statement, the team said TISSA works by creating a privacy setting manager that enables users to customize the level of information each smartphone application can access. Those settings can be adjusted any time the relevant applications are running, instead of just at installation.

TISSA, currently in prototype, includes four possible privacy settings for each application: Trusted, Anonymized, Bogus, and Empty, according to their statement. "If an application is listed as Trusted, TISSA does not impose additional information access restrictions. If the user selects Anonymized, TISSA provides the application with generalized information that allows the application to run, without providing access to detailed personal information. The Bogus setting provides an application with fake results when it requests personal information. The Empty setting responds to information requests by saying the relevant information does not exist or is unavailable," they said.
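To make the four settings concrete, here is a small Python model of such a privacy setting manager. It is an added illustration, not TISSA's code: the data types, the sample records, the generalization and fake-value strategies, and the deny-by-default behavior for unlisted applications are all assumptions.

```python
import hashlib
from enum import Enum

Setting = Enum("Setting", "TRUSTED ANONYMIZED BOGUS EMPTY")

# Constructed sample records standing in for the phone's real data.
REAL = {
    "location": (35.78712, -78.67053),
    "device_id": "356938035643809",
    "contacts": [{"name": "Alice Example", "phone": "+1-919-555-0100"}],
}

def anonymize(kind, value):
    """Generalize a value so the app can still run (assumed strategies)."""
    if kind == "location":      # coarsen coordinates to one decimal place
        return tuple(round(c, 1) for c in value)
    if kind == "device_id":     # keep the 8-digit model prefix, zero the serial
        return value[:8] + "0" * 7
    return [{"name": c["name"][0] + "."} for c in value]  # initials, no numbers

def bogus(app, kind):
    """Fake but well-formed data, stable per app so the app behaves consistently."""
    seed = hashlib.sha256(f"{app}:{kind}".encode()).digest()
    if kind == "location":
        return (seed[0] % 180 - 89.5, seed[1] % 360 - 179.5)
    if kind == "device_id":
        return "".join(str(b % 10) for b in seed[:15])
    return [{"name": "John Doe", "phone": "+1-555-0100"}]

class PrivacyManager:
    """Mediates every data request; settings can change while apps run."""
    def __init__(self, default=Setting.EMPTY):   # assumption: deny by default
        self.default = default
        self.settings = {}                       # (app, kind) -> Setting

    def set(self, app, kind, setting):
        self.settings[(app, kind)] = setting

    def query(self, app, kind):
        setting = self.settings.get((app, kind), self.default)
        if setting is Setting.TRUSTED:
            return REAL[kind]
        if setting is Setting.ANONYMIZED:
            return anonymize(kind, REAL[kind])
        if setting is Setting.BOGUS:
            return bogus(app, kind)
        return [] if kind == "contacts" else None  # Empty: "no such data"
```

The design point the model shows is that the application's request always succeeds in form; only the fidelity of the answer changes with the user's setting.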

Now, why wouldn't this be a good idea? Why wouldn't people want their personally identifiable information firewalled? They would. That's not the problem. The problem is that these sorts of capabilities shouldn't have to be bolted onto the mobile operating system. They should be built into the feature set of the phone.

But it won't be that way. We have anti-virus for mobile, firewalls, and now this type of information protection. We are going down the same painful path with smartphones and tablets that we took with desktops and notebooks, and we haven't learned a thing.

The paper, "Taming Information-Stealing Smartphone Applications (on Android)," was co-authored by Jiang; Yajin Zhou, a Ph.D. student at NC State; Dr. Vincent Freeh, an associate professor of computer science at NC State; and Dr. Xinwen Zhang of Huawei America Research Center. The paper will be presented in June at the 4th International Conference on Trust and Trustworthy Computing, in Pittsburgh, Pa.
