TaintDroid detects sneaky Android apps
US security researchers have come up with an extension for Android that allows users to see what their apps are doing during runtime. Project TaintDroid is a collaboration between researchers from Pennsylvania State University, Duke University and Intel Labs. TaintDroid uses a modified Dalvik VM (the virtual Java machine in Google's mobile OS), patched libraries, and a kernel module to intercept system activity. It then displays a pop-up to show users when an app seems to be sending out private data suspiciously.
The researchers describe the technical details in an interesting paper, where they also sum up the findings of their study of 30 popular Android applications. The researchers found that half of the apps send location data to Web servers; a number of the apps even read out device IDs, SIM IDs, and telephone numbers. The researchers will present their paper and research findings next week at the USENIX Conference in Vancouver.
The paper claims that with TaintDroid running, on average, a smartphone only has a 14% higher CPU load and a 4.4% greater memory use. TaintDroid co-developer Landon Cox, assistant professor of computer science at Duke University, told The H's associates at heise Security that TaintDroid currently requires the Android system to be recompiled and that such a modified system can only be flashed on rooted phones.
These findings are much more exact and informative than the recent analysis conducted by SMobile Systems on the rights demanded by 48,000 apps on the Android Market, which found that around a third of the Market apps could access geo-data. Android's coarse grained acccess rights mean though that just because an Android application has requested those access rights, it doesn't mean that the application actually makes use of all of the functions to which it is granted access.