FORUMS

How a HTC Droid Eris Changed a Members Life

Rarely can a member say that Android development or XDA had a profound effect on … more

XDA Office Space: Frankenstein’s Perfect IM Client?

The portal’s decentralized XDA office lies in a Hangouts chatroom, where … more

Which IM Client on Android is best?

With so many different messengers to choose from, it can be tough to find the best one for you and … more

Android Factory Reset Security Flaw and More – XDA TV

Nvidia is releasing a 500Gb SHIELD TV Pro! That and much more news is … more
Post Reply Subscribe to Thread Email Thread

Protecting Privacy - Compiling TaintDroid into Kernel to find leaky apps

19th October 2010, 08:12 AM |#1  
OP Senior Member
Thanks Meter: 9
 
More
Most people don't yet know that many Android software leak all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app).

Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid:

What is TaintDroid?
From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones."
From: http://appanalysis.org/index.html


How can I install TaintDroid?
As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site: http://appanalysis.org/download.html

How does TaintDroid work?
Here's a video demonstrating how TaintDroid works once it is installed and configured:
http://appanalysis.org/demo/index.html

Why would you want to install this?
There can be many reasons for installint TaintDroid:

- You want to learn about privacy features and play with Android kernel
- As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper
- You are worried about what apps are doing behind your back and you want to know which apps to uninstall
- You want to help create Android a more secure and privacy-protected platform, instead of the swiss cheese it currently is

What can you do?
As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and offering it available for others to try and use.

Hopefully increased awareness and usage will bring this program eventually into other modders and perhaps even Google's attention and something more easily accessible is offered for the public at large.

BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI.
 
 
19th October 2010, 08:35 AM |#2  
ragin's Avatar
Senior Member
Flag Hubli
Thanks Meter: 154
 
More
+1 for the idea

Sent from my GT-I9000 using XDA App
19th October 2010, 11:11 AM |#3  
Senior Member
Thanks Meter: 70
 
More
+1

Since we cannot expect information gatherer Google to come up with a good privacy protection mechanism soon I think we are forced to take measures ourselves.

I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...

It would be great if applications used a well-defined mechanism to check their validity on-line, and not have this sneaky, lingering attack from all sides to any privacy or battery consumption aware user.
19th October 2010, 11:37 AM |#4  
Member
Flag Oss
Thanks Meter: 0
 
Donate to Me
More
I can not cook Kernels, but this is something i want to use.

Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!

I am sure i am not the only one.
19th October 2010, 11:54 AM |#5  
_JKay_'s Avatar
Retired Recognized Developer
Thanks Meter: 14,819
 
Donate to Me
More
+1

Yes please... This should be in all android phones... as a security option you could turn on!!!
19th October 2010, 11:57 AM |#6  
Senior Member
Thanks Meter: 70
 
More
Quote:
Originally Posted by Antonyjeweet

Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!

And do some of these applications only send stuff when you open them?
--

From a user perspective it currently is really difficult to judge applications that need to start at boot-up and deal with many facets of your computer (Launchers, tools combining lots of divers features).
4th December 2010, 07:15 PM |#7  
Junior Member
Flag Saint Quentin En Yvelines
Thanks Meter: 0
 
More
Do you know some ROM where Taindroid is included?
5th December 2010, 04:53 AM |#8  
exadeci's Avatar
Senior Member
Flag Paris
Thanks Meter: 148
 
More
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
5th December 2010, 06:06 AM |#9  
specialex's Avatar
Senior Member
Thanks Meter: 65
 
More
Quote:
Originally Posted by exadeci

I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it

glad you did that
5th December 2010, 06:09 AM |#10  
Senior Member
Thanks Meter: 50
 
More
+1 support the idea. hope some of our hardworking kernel builders will add this in.
Post Reply Subscribe to Thread

Tags
kernel, leak, privacy, security, taintdroid
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes