Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,729,384 Members 44,017 Now Online
XDA Developers Android and Mobile Development Forum

Protecting Privacy - Compiling TaintDroid into Kernel to find leaky apps

Tip us?
 
vasra
Old
#1  
Senior Member - OP
Thanks Meter 9
Posts: 213
Join Date: Jun 2009
Thumbs up Protecting Privacy - Compiling TaintDroid into Kernel to find leaky apps

Most people don't yet know that many Android software leak all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app).

Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid:

What is TaintDroid?
From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones."
From: http://appanalysis.org/index.html


How can I install TaintDroid?
As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site: http://appanalysis.org/download.html

How does TaintDroid work?
Here's a video demonstrating how TaintDroid works once it is installed and configured:
http://appanalysis.org/demo/index.html

Why would you want to install this?
There can be many reasons for installint TaintDroid:

- You want to learn about privacy features and play with Android kernel
- As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper
- You are worried about what apps are doing behind your back and you want to know which apps to uninstall
- You want to help create Android a more secure and privacy-protected platform, instead of the swiss cheese it currently is

What can you do?
As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and offering it available for others to try and use.

Hopefully increased awareness and usage will bring this program eventually into other modders and perhaps even Google's attention and something more easily accessible is offered for the public at large.

BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI.
 
ragin
Old
#2  
ragin's Avatar
Senior Member
Thanks Meter 151
Posts: 1,724
Join Date: Dec 2007
Location: Hubli
+1 for the idea

Sent from my GT-I9000 using XDA App
if you like what I say, there is always a THANKS button below.

Super Sexy
GALAXY Note
 
Ettepetje
Old
#3  
Senior Member
Thanks Meter 63
Posts: 300
Join Date: Aug 2010
+1

Since we cannot expect information gatherer Google to come up with a good privacy protection mechanism soon I think we are forced to take measures ourselves.

I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...

It would be great if applications used a well-defined mechanism to check their validity on-line, and not have this sneaky, lingering attack from all sides to any privacy or battery consumption aware user.
 
Antonyjeweet
Old
#4  
Member
Thanks Meter 0
Posts: 55
Join Date: Jun 2009
Location: Oss

 
DONATE TO ME
I can not cook Kernels, but this is something i want to use.

Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!

I am sure i am not the only one.
 
_JKay_
Old
#5  
_JKay_'s Avatar
Recognized Developer
Thanks Meter 14819
Posts: 5,488
Join Date: Aug 2010

 
DONATE TO ME
+1

Yes please... This should be in all android phones... as a security option you could turn on!!!
 
Ettepetje
Old
#6  
Senior Member
Thanks Meter 63
Posts: 300
Join Date: Aug 2010
Quote:
Originally Posted by Antonyjeweet View Post
Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!
And do some of these applications only send stuff when you open them?
--

From a user perspective it currently is really difficult to judge applications that need to start at boot-up and deal with many facets of your computer (Launchers, tools combining lots of divers features).
 
Williemenos
Old
#7  
Junior Member
Thanks Meter 0
Posts: 2
Join Date: Mar 2008
Location: Saint Quentin En Yvelines
Do you know some ROM where Taindroid is included?
 
exadeci
Old
#8  
exadeci's Avatar
Senior Member
Thanks Meter 119
Posts: 520
Join Date: Jul 2010
Location: Paris
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
 
specialex
Old
#9  
specialex's Avatar
Senior Member
Thanks Meter 60
Posts: 245
Join Date: Jun 2010
Quote:
Originally Posted by exadeci View Post
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
glad you did that
 
sunwee
Old
#10  
Senior Member
Thanks Meter 45
Posts: 469
Join Date: May 2009
+1 support the idea. hope some of our hardworking kernel builders will add this in.

Tags
kernel, leak, privacy, security, taintdroid
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


TRENDING IN THEMER...