Recent years have seen a proliferation in smartphones, Internet-enabled devices that operate as hybrids of cell phones and computers. Users customize their phones with apps, software programs intended to help accomplish various tasks. The Motorola Droid, which runs the Google Android operating system, was introduced last year and promised users greater flexibility in downloading different kinds of apps from multiple sources.
But researchers at Duke have found that some free apps for the Droid are doing more than assisting their users: They also are secretly transmitting users’ data, such as their phone numbers and GPS locations. In response, the researchers created an extension to the Android operating system called TaintDroid that will notify users when certain private information is being shared. TaintDroid was designed in part by Landon Cox ’99, assistant professor of computer science, and doctoral candidate Peter Gilbert.
Currently, mobile-phone operating systems do offer users some controls to regulate whether an app can access private information, but Cox and Gilbert say these are insufficient. TaintDroid uses a scientific technique called “dynamic taint analysis” to mark information with a bit of computer code called a “taint.” The taint stays with the user’s information and can be used to track where that information goes. This code allows the system to immediately notify users if any unauthorized sharing has occurred.
TaintDroid is available in prototype form, and the researchers are working to make it widely available soon.