TaintDroid found that half of tested apps shared sensitive user data with advertisers.
The source code for TaintDroid, a tool that discovered that half of the tested Android smartphone apps were sending sensitive information to ad companies' servers, is now available for free download.
It uses dynamic taint analysis to mark information of interest with an identifier, or "taint." The taint stays attached to the data as the app uses it, and the tracking system monitors where that data flows, for example the Internet destination to which the user's information is sent. Once the app is closed, TaintDroid notifies the user of the data's movement.
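As an added illustration (not TaintDroid's code), the following toy Python taint tracker follows the model just described: source APIs attach a tag to a value, the tag propagates through string operations, and a network sink records which tagged data went to which host so the user can be notified afterwards. The tag names, hosts and sample app are constructed for this example.

```python
from dataclasses import dataclass

# Taint tags as bit flags so one value can carry several sources at once.
# The names are this example's own choice, not TaintDroid's real identifiers.
LOCATION, PHONE_NUMBER, SIM_ID = 1, 2, 4
TAG_NAMES = {LOCATION: "location", PHONE_NUMBER: "phone_number", SIM_ID: "sim_id"}


@dataclass(frozen=True)
class Tainted:
    """A string value plus the bitmask of taint tags attached to it."""
    value: str
    taint: int = 0

    def __add__(self, other):
        # Propagation rule: the result carries the union of both operands' tags.
        if isinstance(other, Tainted):
            return Tainted(self.value + other.value, self.taint | other.taint)
        return Tainted(self.value + str(other), self.taint)

    def __radd__(self, other):
        # Handles plain_str + Tainted; plain strings contribute no tags.
        return Tainted(str(other) + self.value, self.taint)


def tag_names(taint):
    return sorted(name for bit, name in TAG_NAMES.items() if taint & bit)


# Taint sources: values read from privileged APIs leave already tagged.
def gps_location(lat, lon):
    return Tainted(f"{lat},{lon}", LOCATION)


def phone_number(number):
    return Tainted(number, PHONE_NUMBER)


class NetworkSink:
    """Stands in for the socket layer: a sink that logs what tagged data left, and where."""
    def __init__(self):
        self.report = []

    def send(self, host, payload):
        if isinstance(payload, Tainted) and payload.taint:
            self.report.append((host, tag_names(payload.taint)))


def run_app(sink):
    """A constructed app that posts location and phone number to an ad host."""
    body = "loc=" + gps_location(35.99, -78.90) + "&phone=" + phone_number("+15555550100")
    sink.send("ads.example.invalid", body)
    sink.send("cdn.example.invalid", Tainted("GET /wallpaper.jpg"))  # untainted: not reported
    return sink.report  # -> [('ads.example.invalid', ['location', 'phone_number'])]
```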
"This automatic feedback gives users greater insight into what their mobile applications are doing and could help users decide whether they should consider uninstalling an app," said Peter Gilbert, a graduate student in computer science at Duke University, and one of TaintDroid's developers.
TaintDroid is a research prototype, and its developers have set up a TaintDroid discussion group for those interested in building, installing, and running the technology. The build guide assumes users have a development computer configured to build the Android source code, a Nexus One running Android 2.1, and an unlocked bootloader. The project's documentation strongly recommends that users use the nandroid tool provided in a custom recovery firmware such as Amon_RA to back up the existing Nexus One system before flashing new images to the device.
Earlier this fall, a team of computer engineers wrote TaintDroid and installed the software on an Android smartphone to monitor how 30 mobile phone applications -- social networking apps, wallpaper apps, and downloadable games -- used private user data. They found that 15 sent sensitive information, including the phone's location, to several ad companies' servers. In addition, two of the 30 randomly selected Android apps shared the mobile phone number and SIM card identifiers with random servers. In the case of one wallpaper app, data appeared to be transmitted to a website in Shenzhen, China.
Landon Cox, an assistant computer science professor at Duke and Gilbert's advisor, helped develop TaintDroid, in collaboration with Jaeyeon Jung, Byung-Gon Chun, and Anmol Sheth of Intel Labs, as well as William Enck and Patrick McDaniel of Penn State University.
"We found it surprising that location information was shared with ad networks without further explanation or notification," said Jung, lead co-author, with Enck, of the study describing TaintDroid and the team's results, which were presented earlier this month at the Operating Systems Design and Implementation Conference in Vancouver, British Columbia.
In June, an SMobile Systems study found that 20% of the then-available 48,000 third-party applications for the Android operating system provided private or sensitive information to external sources. Although TaintDroid only monitored 30 Android apps, further investigation of other apps is warranted, the team recommended. Today, there are more than 70,000 apps for the Google Android operating system.
"We don't have the data to say that a majority of third-party apps are untrustworthy. This study, however, is a proof-of-concept to show the value of enhancing smartphone platforms to include real-time monitoring tools like TaintDroid to give users an awareness of how their information is being shared," said Cox.