Realtime Privacy Monitoring on Smartphones

Frequently Asked Questions on Our TaintDroid Paper

Who are you and what is your research about?

This study results from a collaboration between Intel Labs, Penn State, and Duke University. Our efforts are supported by Intel Labs and grants from the U.S. National Science Foundation.

Smartphones contain many types of information that users characterize as privacy sensitive. Examples include geographic location, phone identifiers, microphone input, and camera images. Our research goal is to build tools to monitor how applications access and use privacy sensitive data, and then study and report the behavior exhibited by existing real-world applications.

How do applications gain access to sensitive data?

Android asks the user which services and data an application may access when it is installed. For example, an application may request access to location information (such as captured by the GPS sensor) and access to the Internet. If the user chooses not to allow this access, the application is not allowed to be installed.

Are users notified that applications share privacy sensitive information?

No, the install-time permission checks do not indicate to the user how these services and data will be used. There is no way to determine simply from the set of permissions how data will be used, and in some cases misused.

Users can also be notified of an application's behavior via a license agreement that is displayed on first use. With one exception, we found the user license agreements in the studied applications, if present at all, do not provide any additional information on how data is used.

A privacy violation can occur where services and data are used in ways that are unexpected. In the applications we studied, we found it surprising that location information was shared with ad networks without further explanation or notification.

What did you find?

We randomly selected 30 out of the 358 most popular free applications from the Android Market that have access to both the Internet and privacy sensitive information such as geographic location, camera, audio, and phone information. We then used the applications while watching them with our TaintDroid monitoring tool. We found that 15 of the 30 applications shared location information with advertisement servers. We also found that 7 of the applications shared phone identifiers with a remote Internet server.

What is the statistical significance of the findings?

We studied just over 8% of the top 50 popular free applications in each category that had access to privacy sensitive information in order to get a sense of the behaviors of these applications. Our OSDI paper describes in more detail how this sample set was chosen.

How often do applications send out location data to third party servers?

We observed a range of behavior in the studied applications. Some applications shared location with advertisement servers only when displaying ads to the user. Other applications shared location even when the user was not running the application. In some cases, we observed location information being shared as frequently as every 30 seconds.

Are these privacy concerns limited to Android?

We only studied Android and therefore cannot comment on other platforms. Further studies investigating other platforms are warranted however.

Why did you choose to study Android?

We selected to study Android and its applications, because it has many features in common with other popular smartphone platforms, and because it is open source, which was necessary for us to build our TaintDroid monitoring tool.

Why is the tool called "TaintDroid"?

TaintDroid uses a scientific technique called "dynamic taint analysis". This technique marks information of interest with an identifier called a "taint." That taint stays with the information when it is used. The tracking system then monitors the movement of tainted information. For example, TaintDroid can trace back the origin of the information (e.g., GPS) when tainted information is sent to the Internet.

Where can I get TaintDroid?

We will be making TaintDroid open source. Information to obtain the TaintDroid source code will be posted to this page.



Acknowledgements and sponsors

This material is based upon work supported by the National Science Foundation under Grant No. CNS-0905447, CNS-0721579 and CNS-0643907. Landon Cox and Peter Gilbert's participation was partially supported by NSF CAREER award CNS-0747283 and NSF Grant No. CNS-0910653.