Malicious third-party applications can leak personal data stored in the Android system by exploiting side channels. TaintDroid uses a dynamic taint analysis mechanism to control the manipulation of private data by third-party apps [9]. However, TaintDroid does not propagate taint in side channels. An attacker can exploit this limitation to get private data. For example, Sarwar et al. [2] present side channel class of attacks using a medium that might be overlooked by the taint-checking mechanism to extract sensitive data in Android system. In this paper, we enhance the TaintDroid system and we propagate taint in side channels using formal policy rules. To evaluate the effectiveness of our approach, we analyzed 100 free Android applications. We found that these applications use different side channels to transfer sensitive data. We successfully detected that 35% of them leaked private information through side channels. Also, we detected Sarwar et al. [2] side channel attacks. Our approach generates 9% of false positives. The overhead given by our approach is acceptable in comparison to the one obtained by TaintDroid (9% overhead).
展开▼
