http://appanalysis.org/tdroid10.pdfAbstract
Today’s smartphone operating systems frequently fail
to provide users with adequate control over and visibility
into how third-party applications use their private data.
We address these shortcomings with TaintDroid, an efficient,
system-wide dynamic taint tracking and analysis
system capable of simultaneously tracking multiple
sources of sensitive data. TaintDroid provides realtime
analysis by leveraging Android’s virtualized execution
environment. TaintDroid incurs only 14% performance
overhead on a CPU-bound micro-benchmark and imposes
negligible overhead on interactive third-party applications.
Using TaintDroid to monitor the behavior of
30 popular third-party Android applications, we found
68 instances of potential misuse of users’ private information
across 20 applications. Monitoring sensitive data
with TaintDroid provides informed use of third-party applications
for phone users and valuable input for smartphone
security service firms seeking to identify misbehaving
applications.