Building TaintDroid into a ZTE Blade Kernel

21 replies to this topic

#1
zurpher

It would be great if TaintDroid could also be integrated in a Blade ROM.

ZTE Blade users, please show your support if you also wish to see TaintDroid implemented in a Custom ROM for your device.


Source of quoted background information: Protecting Privacy - Compiling TaintDroid into Kernel to find leaky apps

Most people don't yet know that much Android software leaks all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app).

Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid:

What is TaintDroid?
From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones."
From: http://appanalysis.org/index.html


How can I install TaintDroid?
As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site: http://appanalysis.org/download.html

How does TaintDroid work?
Here's a video demonstrating how TaintDroid works once it is installed and configured:
http://appanalysis.org/demo/index.html

Why would you want to install this?
There can be many reasons for installing TaintDroid:

- You want to learn about privacy features and play with Android kernel
- As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper
- You are worried about what apps are doing behind your back and you want to know which apps to uninstall
- You want to help make Android a more secure and privacy-protected platform, instead of the Swiss cheese it currently is

What can you do?
As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and making it available for others to try and use.

Hopefully increased awareness and usage will bring this program eventually into other modders and perhaps even Google's attention and something more easily accessible is offered for the public at large.

BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI.


#2
oh!dougal

One for kallt_kaffe I'd suggest ...

#3
rjm2k

Wasn't this mentioned a while ago and the conclusion was it's easier to install wireshark?

#4
hecatae

this is the only thread i've found by searching with taintdroid in it

#5
zurpher

Wasn't this mentioned a while ago and the conclusion was it's easier to install wireshark?


What I liked about the TaintDroid demonstration video is that one would get these nice little notifications. As far as I understand Wireshark, it requires standard Android users such as myself to be quite knowledgeable in order to distinguish legitimate from illegitimate data being sent. I assume that most standard users would struggle with such a task.

I have found a Wireshark adaptation for Android at XDA-Developers:

Shark for Root

Could that be used to achieve something similar to TaintDroid if the implementation of TaintDroid proves too difficult?

#6
Magnets

Looks like a good idea, but what's to stop shady app developers just encrypting or hashing personal info then phoning home?

#7
zurpher

Looks like a good idea, but what's to stop shady app developers just encrypting or hashing personal info then phoning home?


Probably not much but it would only be done if TaintDroid would spread widely so that it's worth the effort. Furthermore, it would put a tiny bit more pressure on Google so that they can't just say that it's the user's fault as they gave their permissions.

  • 0
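
The question raised in posts #6 and #7, as an added example that is not part of the thread and is not TaintDroid's code: a toy Python model comparing a packet-capture content match with label-based taint tracking when a device ID is hashed before it is sent. All names (`Tainted`, `send_ad_request`, the sample ID and request path) are hypothetical, and the model covers only direct data flow.

```python
import hashlib

# Constructed sample value standing in for a device identifier (not a real IMEI).
DEVICE_ID = "350000000000006"


class Tainted:
    """A value plus the labels of the private sources it was derived from."""

    def __init__(self, value, labels=()):
        self.value = value
        self.labels = frozenset(labels)


def read_device_id():
    # Source: the label is attached where private data enters the app.
    return Tainted(DEVICE_ID, {"DEVICE_ID"})


def concat(*parts):
    # Propagation: the result carries the union of its inputs' labels.
    labels = frozenset().union(*(p.labels for p in parts))
    return Tainted("".join(p.value for p in parts), labels)


def sha256_hex(item):
    # Hashing changes the bytes, not where they came from.
    digest = hashlib.sha256(item.value.encode()).hexdigest()
    return Tainted(digest, item.labels)


def capture_match(wire, known_values):
    # Packet-capture style check: search the payload for known plaintext.
    return sorted(n for n, v in known_values.items() if v.encode() in wire)


def send_ad_request(hashed):
    """Sink: return (names found in the capture, labels reaching the sink)."""
    ident = read_device_id()
    if hashed:
        ident = sha256_hex(ident)
    request = concat(Tainted("GET /ad?id="), ident)
    wire = request.value.encode()
    return capture_match(wire, {"DEVICE_ID": DEVICE_ID}), sorted(request.labels)


if __name__ == "__main__":
    print("plain :", send_ad_request(hashed=False))
    print("hashed:", send_ad_request(hashed=True))
```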

#8
Magnets

I just had a look with wireshark and admob adverts take your unique phone ID and LOCATION :(

#9
zurpher

I just had a look with wireshark and admob adverts take your unique phone ID and LOCATION :unsure:


Not only admob. See: Your apps are watching you. However, as Google are the giants in the internet advertising business it's not surprising that they don't have an interest to do anything that could prevent user profiling and data mining.

#10
majnu

I would like this on the ZTE Blade also.

#11
Bygway

I'll be following the progress of this thread. I really don't like the fact that all these apps and the OS itself collect my personal data...

#12
gameSTICKER

+1, I'd also like to see this functionality in Blade ROMs please, a request to kallt_kaffe

.: SanF - OLED 512 3.2MP :.
Swedish Spring RLS5, GEN1 Layout

#13
chall32

Oh yes, been meaning to post about this. Certainly would be good to see.

Use wireshark sometimes as part of my day job. Wasn't aware something similar was available for android. Will definitely try it.

My £0.02 suggestion, install adfree http://www.appbrain.....android.adfree This will block some personal info going back to advertisers. Obviously if the recipient isn't an advertiser, then there is nothing blocking outward bound personal info.

Does taintdroid also block?

#14
ex-efixxer

Great idea! I'd also like to have TaintDroid in the Froyo kernel! I think this is an important thing to have.. hope kallt_kaffe is reading this thread..
including it in Japanese Jellyfish would be the bomb! :unsure:

#15
Magnets

My £0.02 suggestion, install adfree http://www.appbrain.....android.adfree This will block some personal info going back to advertisers. Obviously if the recipient isn't an advertiser, then there is nothing blocking outward bound personal info.

Does taintdroid also block?


I don't really like blocking revenue streams of free apps, but ads taking so much personal data is not on, just had a quick look at the admob docs and the app developers can choose whether admob is allowed access to location or not. Adfree seems to work fine, I also installed Droidwall which also seems to work well.
How long is it going to take before your IP/GPS location are sold to some GEO IP database :unsure:

Edited by Magnets, 03 January 2011 - 02:47 PM.

#16
zurpher

I have opened a new thread in the Android software section on privacy-enhancing apps. Please post there any privacy apps that you happen to know. Thank you!


On a different note, I have sent a PM to kallt_kaffe a few days ago regarding TaintDroid but didn't hear back yet. I think it doesn't need to be necessarily kallt_kaffe who implements TaintDroid. Any other Custom ROM developer is invited to do so. We would like to hear from you.

#17
superkryo

Giving it a bump now we have the 2.2 kernel source.

#18
Rotmann

+1, please implement this!

#19
cartierv

Great idea. Long overdue.

Someone asked what is 'legitimate' traffic. I would say in an ideal world:

it pertains directly to the specific utility of software you are using (i.e. Google Maps needs to contact the server to get the map data)

But actually... you know what.. it's basically that data you are reasonably ok to have sent.


Sadly for people who care about privacy Google itself is a problem. It's the massive 800 lb gorilla in the living room that no one's talking about that much. Although there's been a few articles about it in the press.

In my ideal world I want:

No outbound data at all unless it's specifically to do with a service that I d/led the software for to begin with. So with Google map data. Not how much I've used my phone and who my contacts are. Not what my phone number is. Just a request to the server for map data. It's that simple really.

Apps like Dictionary.com are abusive spyware too and everyone's at it. Just a goldrush to see how much data can be collected. And frankly part of the reason is the mobile phone market encompasses a lot more dumb stupid people than the PC one.

Sorry I am rambling a bit.

But this is a really big problem. Glad someone's looking into it.

The other thing that's missing from Android and this really needs a separate thread:

and that's system-wide encryption. Locally on the phone, things like notes, contacts, sms, folders whatever you want. Should be some API in Android that can do this.

I don't know what the score is on the iPhone for that, but I know OS X had things like filevault and keychain, although fv wasn't always practical.

#20
gusthy

I just had a look with wireshark and admob adverts take your unique phone ID and LOCATION :D


Well, I agree with you about your concerns about ID, but regarding location, it is rather pointless to send Swedish ads to a Greek phone.
