September 29, 2010, 4:59 PM — A recent test of prototype security code for Android phones found that 15 of 30 free Android Market applications sent users' private information to remote advertising servers, without the users being aware of what was being sent or to whom. In some cases, the user's location data was sent as often as every 30 seconds.
The software, called TaintDroid, was designed to uncover how user-permitted applications actually access and use private or sensitive data, including location, phone numbers and even SIM card identifiers, and to notify users within seconds. The findings suggest that Android, and other phone operating systems, need to do more to monitor what third-party applications are doing under the covers of smartphones.
TaintDroid is a joint effort by Peter Gilbert and Landon Cox, Duke University; Jaeyeon Jung, Byung-Gon Chun and Anmol Sheth, of Intel Labs; and William Enck and Patrick McDaniel, of Penn State University. The team's paper, "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones" is online and is being presented next week at the USENIX Symposium on Operating Systems Design and Implementation (OSDI).
Smartphone apps can combine data from remote cloud services with data pulled from the phone and its sensors, such as GPS receiver, camera, accelerometer, and microphone. And there are legitimate reasons for applications to access a range of user privacy data.
But today, Android, and other mobile operating systems, offer only basic controls: users can allow or not allow an application to access such information. But they can't control how that data is subsequently used by the application. The online Android Market passed the 50,000 apps milestone last April.
"For example, if a user allows an application to access her location information, she has no way of knowing if the application will send her location to a location-based service, to advertisers, to the application developer, or to any other entity," the authors note. "As a result, users must blindly trust that applications will properly handle their private data. This lack of transparency forces users to blindly trust that applications will properly handle private data."