TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
- William Enck ,
- Peter Gilbert ,
- Seungyeop Han ,
- Vasant Tendulkar ,
- Byung-Gon Chun ,
- Landon Cox ,
- Jaeyeon Jung ,
- Patrick McDaniel ,
- Anmol N. Sheth
Transactions on Computer Systems |
SIGOPS Hall of Fame Award
2020 SIGOPS Hall of Fame Award
Download BibTexToday’s smartphone operating systems frequently fail to provide users with visibility into how third-party applications collect and share their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid enables realtime analysis by leveraging Android’s virtualized execution environment. TaintDroid incurs only 32% performance overhead on a CPU-bound microbenchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, in our 2010 study we found 20 applications potentially misused users’ private information; so did a similar fraction of the tested applications in our 2012 study. Monitoring the flow of privacy-sensitive data with TaintDroid provides valuable input for smartphone users and security service firms seeking to identify misbehaving applications.
© ACM. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version can be found at http://dl.acm.org.