An Offloaded Dynamic Taint Analysis Approach for
Privacy Leakage Detection on Android
Hui Xu
1
Motivation:
ContactList SMS Call
LogBrowserHistory Account Location
2
Adversary Model & State-of-the-art Work• Adversary Model: Official applications may read sensitive data stored on phones,
and transmit such information via network. • TaintDroid, Published in USENIX 2011
• Usability Issue: need OS recompilation
Read Send
Memory1
SensitiveData
Program Trace
DataMemory2
[Program Trace, Memory Access] => Data Leakage3
Smartphone
Behavior Profiler
Our Approach: Overall Architecture
Android Emulator
SignatureDB
ApplicationsSignatures
Taint Module
BehaviorProfilerDetecto
r
Server
Automated Testing Tool
Analyzer
4
Leakage Instances
• Two sets of apps:• Set I: Apps causing no leakage => Red Table.• Set II: Apps causing leakage => Black Table
• Data metric• Applications may leak different data (e.g., some leak contact list, some leak
IMEI)• sensitive data should be considered separately
Situation Read Send Leakage
I No No No
II Yes No No
III Yes Yes Yes
IV Yes Perhaps Yes5
Top Related