Real-time and intelligent private data protection for the Android platform

As the number of smart mobile devices and applications continue to grow dramatically, private data stored and handled by such mobile devices have become the primary targets of hackers and malicious software. Today, many malicious mobile applications steal user information, make premium calls, and send advertisement messages without the user's permission. Unfortunately, the Android system, currently the most popular smart mobile platform, only provides the users with a simple permission granting mechanism during the installation of applications, which are often ignored since most of the users do not pay attention to the potential hidden risks. Even though some vendors have integrated mechanisms to let the users grant or revoke the permissions associated with any applications at any time, such mechanisms are rarely used because the users do not know when, how and what sensitive information have been leaked.In this paper, we proposed mechanisms to track the use of sensitive information by Android applications. We extended TaintDroid to build a real-time security framework, called PasDroid, with mechanisms to trace dubious data flow, map user-application interactions and alert the users about potential privacy leakage on the fly. The information provided by PasDroid enables the users to determine if a transmission should be allowed or blocked with intelligent security policies. Our experimental results show that PasDroid can be deployed with an affordable runtime overhead to help protect users against malicious applications. The design of security policies is key to eliminate false alarms and improve the user experience.