Runtime detection of privacy leaks in Android smartphone

Nowadays, developing Android applications is becoming easier and simpler. More and more new applications are coming out in the Android market, Play Store. At the same time, there are also developers that use their applications as a platform in gathering user’s confidential data. To deter this, Taint...

Full description

Saved in:
Bibliographic Details
Main Author: Lee, Yong Shun
Other Authors: Alwen Fernanto Tiu
Format: Final Year Project
Language:English
Published: 2015
Subjects:
Online Access:http://hdl.handle.net/10356/62625
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-62625
record_format dspace
spelling sg-ntu-dr.10356-626252023-03-03T20:56:41Z Runtime detection of privacy leaks in Android smartphone Lee, Yong Shun Alwen Fernanto Tiu School of Computer Engineering DRNTU::Engineering::Computer science and engineering::Software::Software engineering Nowadays, developing Android applications is becoming easier and simpler. More and more new applications are coming out in the Android market, Play Store. At the same time, there are also developers that use their applications as a platform in gathering user’s confidential data. To deter this, TaintDroid, a dynamic taint monitoring system, will be used to detect these kind of privacy violation by applications. The popular and free applications will be the subjects of this experiment. TaintDroid will detect and log down any application that capture user’s confidential data then send it to the network. Likewise, experiment on malware applications will also be conducted. At the same time while doing the experiment, TaintDroid will also be tested on the effectiveness on how well it tracked. The result shows that out of 60 popular applications and 10 malware applications tested, TaintDroid has detected data leakage on these applications. Most of the data collected by the applications were IMEI number, contacts from address book and SMS messages. However, only less than 50 percent of the tested applications send those data out into the network. There are also a few applications that send data in plaintext which is a dangerous way to do. Since messages can be easily intercept during the network transmission. TaintDroid also has some limitation on applications that uses third party native libraries. Applications can also use some methods such as control dependencies to avoid the detection of TaintDroid. This shows that TaintDroid is still far from being a full control tracking system. Therefore, TaintDroid should continue to upgrade its firmware to support the advancing of Android operating system version. At the same time, eliminate those limitations to become a better taint tracking system. Bachelor of Engineering (Computer Science) 2015-04-24T03:03:15Z 2015-04-24T03:03:15Z 2015 2015 Final Year Project (FYP) http://hdl.handle.net/10356/62625 en Nanyang Technological University 48 p. application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic DRNTU::Engineering::Computer science and engineering::Software::Software engineering
spellingShingle DRNTU::Engineering::Computer science and engineering::Software::Software engineering
Lee, Yong Shun
Runtime detection of privacy leaks in Android smartphone
description Nowadays, developing Android applications is becoming easier and simpler. More and more new applications are coming out in the Android market, Play Store. At the same time, there are also developers that use their applications as a platform in gathering user’s confidential data. To deter this, TaintDroid, a dynamic taint monitoring system, will be used to detect these kind of privacy violation by applications. The popular and free applications will be the subjects of this experiment. TaintDroid will detect and log down any application that capture user’s confidential data then send it to the network. Likewise, experiment on malware applications will also be conducted. At the same time while doing the experiment, TaintDroid will also be tested on the effectiveness on how well it tracked. The result shows that out of 60 popular applications and 10 malware applications tested, TaintDroid has detected data leakage on these applications. Most of the data collected by the applications were IMEI number, contacts from address book and SMS messages. However, only less than 50 percent of the tested applications send those data out into the network. There are also a few applications that send data in plaintext which is a dangerous way to do. Since messages can be easily intercept during the network transmission. TaintDroid also has some limitation on applications that uses third party native libraries. Applications can also use some methods such as control dependencies to avoid the detection of TaintDroid. This shows that TaintDroid is still far from being a full control tracking system. Therefore, TaintDroid should continue to upgrade its firmware to support the advancing of Android operating system version. At the same time, eliminate those limitations to become a better taint tracking system.
author2 Alwen Fernanto Tiu
author_facet Alwen Fernanto Tiu
Lee, Yong Shun
format Final Year Project
author Lee, Yong Shun
author_sort Lee, Yong Shun
title Runtime detection of privacy leaks in Android smartphone
title_short Runtime detection of privacy leaks in Android smartphone
title_full Runtime detection of privacy leaks in Android smartphone
title_fullStr Runtime detection of privacy leaks in Android smartphone
title_full_unstemmed Runtime detection of privacy leaks in Android smartphone
title_sort runtime detection of privacy leaks in android smartphone
publishDate 2015
url http://hdl.handle.net/10356/62625
_version_ 1759854318552350720