Paper

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

Authors:

• William Enck, The Pennsylvania State University
• Peter Gilbert, Duke University
• Byung-Gon Chun, Intel Labs
• Landon P. Cox, Duke University
• Jaeyeon Jung, Intel Labs
• Patrick McDaniel, The Pennsylvania State University
• Anmol N. Sheth, Intel Labs

Official Website: http://www.appanalysis.org/

Direct Link to Paper: http://appanalysis.org/tdroid10.pdf

Video demonstration of TaintDroid in action: http://www.youtube.com/watch?v=qnLujX1Dw4Y

Background Concepts

Explain briefly the background concepts and ideas that your fellow classmates will need to know first in order to understand your assigned paper.

• Background on Information Flow Theory. Explicit and Implicit Flow.
• Background on the taint data tracking method, how it has been used in other systems (i.e. not phones)
• A reader's digest version of any new articles about this kind of security vulnerability on phones, on apps that collect more personal data than users would expect.

Research problem

note: the underlined headings are just for organizing thoughts! They should be removed before the due date!

What is the research problem being addressed by the paper?

Dynamic Taint Analysis has been around for a while (TODO when, where). The key contribution here is in producing an effective taint tracking system that can run in real-time on a device with serious constraints on performance and battery life, without impacting the end-user experience on the device too greatly.

Key issues with Dynamic Taint Analysis on a smart phone:

• Scarce system resources
• Effectiveness of analysis on a non-simulated platform
• Must be real-time and light-weight; the device has to remain "usable" in the eyes of the end user.

Other Issues Due to Applications:

• Applications are entrusted with several types of privacy sensitive information
• Applications share information with each other
• Applications are already compiled; we cannot access the source code

"Other Issues" important to mention as it leads to important design choices like Message level tracking etc.

Having created this system, the goal of the paper then turns to that of the misuse of identifying or private information stored on a smart phone. The researchers found that a large majority of the applications they tested were sharing information in ways that a user might not expect. The classic example is the wallpaper app that sends your phone number back to the developer.

How does this problem relate to past related work?

Contribution

What are the research contribution(s) of this work? Specifically, what are the key research results, and what do they mean? (What was implemented? Why is it any better than what came before?)

Critique

What is good and not-so-good about this paper? You may discuss both the style and content; be sure to ground your discussion with specific references. Simple assertions that something is good or bad is not enough - you must explain why.

References

You will almost certainly have to refer to other resources; please cite these resources in the style of citation of the papers assigned (inlined numbered references). Place your bibliographic entries in this section.