Remove All Ads from XDA
Honor View 10

Protecting Privacy - Compiling TaintDroid into Kernel to find leaky apps

361 posts
Thanks Meter: 49
By vasra, Senior Member on 19th October 2010, 09:12 AM
Post Reply Email Thread
Most people don't yet know that many Android software leak all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app).

Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid:

What is TaintDroid?
From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones."

How can I install TaintDroid?
As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site:

How does TaintDroid work?
Here's a video demonstrating how TaintDroid works once it is installed and configured:

Why would you want to install this?
There can be many reasons for installint TaintDroid:

- You want to learn about privacy features and play with Android kernel
- As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper
- You are worried about what apps are doing behind your back and you want to know which apps to uninstall
- You want to help create Android a more secure and privacy-protected platform, instead of the swiss cheese it currently is

What can you do?
As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and offering it available for others to try and use.

Hopefully increased awareness and usage will bring this program eventually into other modders and perhaps even Google's attention and something more easily accessible is offered for the public at large.

BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI.
19th October 2010, 09:35 AM |#2  
ragin's Avatar
Senior Member
Flag Hubli
Thanks Meter: 159
+1 for the idea

Sent from my GT-I9000 using XDA App
19th October 2010, 12:11 PM |#3  
Senior Member
Thanks Meter: 76

Since we cannot expect information gatherer Google to come up with a good privacy protection mechanism soon I think we are forced to take measures ourselves.

I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...

It would be great if applications used a well-defined mechanism to check their validity on-line, and not have this sneaky, lingering attack from all sides to any privacy or battery consumption aware user.
19th October 2010, 12:37 PM |#4  
Flag Oss
Thanks Meter: 0
Donate to Me
I can not cook Kernels, but this is something i want to use.

Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!

I am sure i am not the only one.
19th October 2010, 12:54 PM |#5  
_JKay_'s Avatar
Retired Recognized Developer
Thanks Meter: 14,812
Donate to Me

Yes please... This should be in all android phones... as a security option you could turn on!!!
19th October 2010, 12:57 PM |#6  
Senior Member
Thanks Meter: 76
Originally Posted by Antonyjeweet

Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!

And do some of these applications only send stuff when you open them?

From a user perspective it currently is really difficult to judge applications that need to start at boot-up and deal with many facets of your computer (Launchers, tools combining lots of divers features).
4th December 2010, 08:15 PM |#7  
Junior Member
Flag Saint Quentin En Yvelines
Thanks Meter: 0
Do you know some ROM where Taindroid is included?
5th December 2010, 05:53 AM |#8  
exadeci's Avatar
Senior Member
Flag Sydney
Thanks Meter: 271
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
5th December 2010, 07:06 AM |#9  
specialex's Avatar
Senior Member
Behind you
Thanks Meter: 89
Originally Posted by exadeci

I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it

glad you did that
5th December 2010, 07:09 AM |#10  
Senior Member
Thanks Meter: 58
+1 support the idea. hope some of our hardworking kernel builders will add this in.
5th December 2010, 08:26 AM |#11  
Jumba's Avatar
Senior Member
Flag Johannesburg
Thanks Meter: 710
Donate to Me
My concern is how much another real time service will affect battery life. For people trying to make the leanest, fastest kernel I'm not sure it's viable.
Post Reply Subscribe to Thread

kernel, leak, privacy, security, taintdroid

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes