Mobile privacysurvey presentation


Published on

Published in: Technology, News & Politics
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Mobile privacysurvey presentation

  1. 1. Nitisha Desai, Sean Wang and Jiang ZhuNovember 23rd, 2011 1
  2. 2. • Privacy in the news• TaintDroid 2
  3. 3. 3
  4. 4. • Addresses of websites • Share with other companies •URLS • Verizon will use this information for •Search Terms •Business & Marketing Reports• Location Details •Making relevant mobile ads• App and Device usage• Use of Verizon Products• Demographic categories •Gender •Age •Sports •Frequent Diner 4
  5. 5. • “I know where you were and what you are Sharing: Exploiting P2P Communications to Invade Users‟ Privacy”• An attacker can Identify a person, their location and filesharing habits 5
  6. 6. 6
  7. 7. • Collected children‟s • “Unsubtantiated • P2P File Sharing personal and deceptive” exposed app users‟ information without personal parental consent information without authorization• Violated COPPA 7
  8. 8. • Geolocational Privacy and Surveillance Act• Creates rules to govern the interception and disclosure of geolocation information• Prohibits unlawfully intercepted geolocation information to be used as evidence 8
  9. 9. • Require companies to tell users when location data is being collected• Allow the users to decide whether or not to disclose this information to third parties 9
  10. 10. 10
  11. 11. • “With more than 58% of U.S. mobile users worried that their data can be easily accessed by others, a privacy policy that helps establish and maintain consumer trust is absolutely essential.”• Create a framework for developers to use to provide clear and functional privacy disclosures to consumers who use mobile applications. 11
  12. 12. Policy maker Policy Language Code GuidanceResources 12
  13. 13. Authors: William Enck, Peter Gilbert, Byung-Gon Chun, Landon P.Cox,Jaeyeon Jung, Patrick McDaniel and Anmo N.Sheth.Slide credits: William Enck, Steven Zittrower 13
  14. 14. • What is TaintDroid• Why it‟s Important• Implementation• Costs and Tradeoffs• Results 14
  15. 15. 15
  16. 16. GPS/Location DataCamera/Photos/MicrophoneContactsSMS MessagesSIM Identifiers (IMSI, ICC-ID, IMEI)
  17. 17. • Goals: Monitor app behavior to determine when privacy sensitive information leaves the phone• Challenges .. • Smartphones are resource constrained • Third-party applications are entrusted with several types of privacy sensitive information • Context-based privacy information is dynamic and can be difficult to identify even when sent in the clear • Applications can share information 18
  18. 18. Dynamic Taint Analysis • Dynamic taint analysis is ais a technique that tracks 1. Dynamic taint analysis technique that tracks the information information dependencies from an origin dependencies from it origin. • Conceptual idea: 2. Conceptual Ideas: c = t ai nt _sour ce( ) ‣ a. Taint source Taint source ... ‣ b. Taint propagation Taint propagation c. Taint sink a = b + c ‣ Taint sink ... net wor k_send( a) • Limitations: performance and granularity is a trade-offystems and Internet Infrastructure Security Laboratory (SIIS) Page 5 19
  19. 19. 20
  20. 20. TaintDroid Architecture map courtesy of TaintDroid: An Information-Flow…Interpreted Code Trusted Applications Untrusted Applications 8 Trusted Library Taint Source 1 Taint Sink 2 3 6 7 9 Taint Map Taint MapUserspace Dalvik VM Dalvik VM Interpreter Interpreter 4 Binder IPC Library Binder IPC Library Binder Hook Binder Hook 5Kernel Binder Kernel Module 21
  21. 21. ‣ Patches state after native method invocation ‣ Extends tracking between applications and to storage Message-level tracking Alci n o pi a Ce p to d M sg Alci n o pi a Ce p to d Va it l ru Va it l ru Variable-level Mie an ch Mie an ch tracking Method-level NvSt m rr s a eye L a t i s i i b e tracking File-level N o Itr c e r nf e t k e w a So a S a e n r t rg c dy o e tracking • Variables Local variables, arguments, class static fields, class instances, and arrays • TaintDroid is a firmware modification, not an app • Messagesystems and Internet Infrastructure Security Laboratory (SIIS) Page 6 Taint tag is upper bound of tainted variables in message • Methods Tracks and propagates system provided native libraries • Files One tag per-file, same logic as messages 22
  22. 22. Sources Sinks• Low-bandwidth • Network Calls Sensors • File-system Writes• High-bandwidth Sensors• Information Databases• Devices Identifiers 23
  23. 23. • The authors modified the Dalvik VM interpreter to store and propagate taint tags (a taint bit-vector) on variables.• Local variables and tags: taint tags stored adjacent to variables on the internal execution stack. -- 32-bit bitvector with each variable 24
  24. 24. • Rules for passing taint markers• α←C : τα←0• β←α:τβ←τα• α„←α⊗β:τα←τα∪τβ• …• Govern steps 3, 7 of TaintDroid Architecture 25
  25. 25. 26
  26. 26. 27
  27. 27. • 14% overall overhead. Smallest for arithmetic and logic operations; greatest for string operations• 4.4% memory overhead 28
  28. 28. 25 21.88 MB 21.06 MB 19.48 MB 18.92 MB2015 10.89 ms Android 8.58 ms TaintDroid1050 App Load Time Address Book © Address Book ® 27% slower 3.5% more memory 29
  29. 29. 30%25%20%15%10%5%0% App Load Addres Book Addres Book Phone Call Take Picture Time (create) (read) 63:65 348:367 101:119 96:106 1718:2216 (Android: TaintDriod in ms) 30
  30. 30. 31
  31. 31. • Selected 30 applications with bias on popularity and access to Internet, location, microphone, and camera • 100 minutes, 22,594 packets, 1,130 TCP connections• Of 105 flagged TCP connections, only 37 legitimate. 32
  32. 32. • 15 of the 30 applications shared physical location with an ad server (,,,• Most traffic was plaintext (e.g., AdMob HTTP GET):• In no case was sharing obvious to user or in EULA • In some cases, periodic and occurred without app use 33
  33. 33. • 7 applications sent device (IMEI) and 2 apps sent phone information (Phone #, IMSI*, ICC-ID) to a remote server without informing the user. One app‟s EULA indicated the IMEI was sent Another app sent the hash of the IMEI• Frequency was app-specific, e.g., one app sent phone information every time the phone booted.• Appeared to be sent to app developers ... 34
  34. 34. 35
  35. 35. • Approach Limitations • TaintDroid only tracks data flows (i.e. explicit flows). • Malicious application can game out TaintDroid and exflitrate privacy sensitive information through control flow.• Taint Source Limitations • IMSI contains country (MCC), network (MNC) and Station (MSIN) codes. All tainted together, but heavily used in Android for configuration parameters. Likely to cause false positives. • Network only as sink . Sensitive information can propagate back from network.• Requires custom OS modification. No checks on native libraries• Lack of evaluation data on power consumption• User Interface: log is too technical and need further inspection 37
  36. 36. • TaintDroid provides efficient, system-wide, dynamic taint tracking and analysis for Android• 4 granularities of taint propagations • Variable-level • Message-level • Method-level • File-level• 14% performance overhead on a CPU-bound microbenchmark.• Identified 20 out of the 30 random selected applications to share information in a way that was not expected.• Findings demonstrated the effectiveness and value of enhancing Mobile Privacy on smartphone platforms. 38
  37. 37. • Real-time tracking, filtering and enforcement• Eliminate or reduce false-positives through better management of variable-level tags• Integrated with Expert rating system (crowd sourcing)• Detection of bypass attempts 39
  38. 38. • 40
  39. 39. 41
  40. 40. Thank you.