Guest zurpher Posted December 30, 2010 Report Share Posted December 30, 2010 It would be great if TaintDroid could also be integrated in a Blade ROM. ZTE Blade users, please show you're support if you also wish to see TaintDroid implemented in a Custom ROM for your device. Source of quoted background information: Protecting Privacy - Compiling TaintDroid into Kernel to find leaky apps Most people don't yet know that many Android software leak all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app). Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid: What is TaintDroid? From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones." From: http://appanalysis.org/index.html How can I install TaintDroid? As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site: http://appanalysis.org/download.html How does TaintDroid work? Here's a video demonstrating how TaintDroid works once it is installed and configured: http://appanalysis.org/demo/index.html Why would you want to install this? There can be many reasons for installint TaintDroid: - You want to learn about privacy features and play with Android kernel - As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper - You are worried about what apps are doing behind your back and you want to know which apps to uninstall - You want to help create Android a more secure and privacy-protected platform, instead of the swiss cheese it currently is What can you do? As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and offering it available for others to try and use. Hopefully increased awareness and usage will bring this program eventually into other modders and perhaps even Google's attention and something more easily accessible is offered for the public at large. BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI. Link to comment Share on other sites More sharing options...
Guest oh!dougal Posted December 30, 2010 Report Share Posted December 30, 2010 One for kallt_kaffe I'd suggest ... Link to comment Share on other sites More sharing options...
Guest rjm2k Posted December 30, 2010 Report Share Posted December 30, 2010 Wasn't this mentioned a while ago and the conclusion was it's easier to install wireshark? Link to comment Share on other sites More sharing options...
Guest hecatae Posted December 30, 2010 Report Share Posted December 30, 2010 this is the only thread i've found by searching with taintdroid in it Link to comment Share on other sites More sharing options...
Guest zurpher Posted December 30, 2010 Report Share Posted December 30, 2010 Wasn't this mentioned a while ago and the conclusion was it's easier to install wireshark? What I liked about the TaintDroid demonstration video is that one would get this nice little notifications. As far as I understand Wireshark it requires standard Android users such as myself to be quite knowledgeable in order to distinguish legitimate from illegitimate data being send. I assume that most standard users would struggle with such a task. I have found a Wireshark adaptation for Android at XDA-Developers: Shark for Root Could that be used to achieve something similar to TaintDroid if the implementation of TaintDroid proves too difficult? Link to comment Share on other sites More sharing options...
Guest Magnets Posted December 30, 2010 Report Share Posted December 30, 2010 Looks like a good idea, but what's to stop shady app developers just encrypting or hashing personal info then phoning home? Link to comment Share on other sites More sharing options...
Guest zurpher Posted December 31, 2010 Report Share Posted December 31, 2010 Looks like a good idea, but what's to stop shady app developers just encrypting or hashing personal info then phoning home? Probably not much but it would only be done if TaintDroid would spread widely so that it's worth the effort. Furthermore, it would put a tiny bit more pressure on Google so that they can't just say that it's the users fault as they gave their permissions. Link to comment Share on other sites More sharing options...
Guest Magnets Posted December 31, 2010 Report Share Posted December 31, 2010 I just had a look with wireshark and admob adverts take your unique phone ID and LOCATION :( Link to comment Share on other sites More sharing options...
Guest zurpher Posted January 1, 2011 Report Share Posted January 1, 2011 I just had a look with wireshark and admob adverts take your unique phone ID and LOCATION :unsure: Not only admob. See: Your apps are watching you. However, as Google are the giants in the internet advertising business it's not surprising that they don't have an interest to do anything that could prevent user profiling and data mining. Link to comment Share on other sites More sharing options...
Guest majnu Posted January 2, 2011 Report Share Posted January 2, 2011 I would like this on the ZTE Blade also. Link to comment Share on other sites More sharing options...
Guest Bygway Posted January 2, 2011 Report Share Posted January 2, 2011 I'll be following the progress of this thread. I really don't like the fact that all these apps and the OS itself collect my personal data... Link to comment Share on other sites More sharing options...
Guest gameSTICKER Posted January 2, 2011 Report Share Posted January 2, 2011 +1, I'd also like to see this functionality in Blade ROMs please, a request to kallt_kaffe Link to comment Share on other sites More sharing options...
Guest chall32 Posted January 2, 2011 Report Share Posted January 2, 2011 Oh yes, been meaning to post about this. Certainly would be good to see. Use wireshark sometimes as part of my day job. Wasn't aware something simular was available for android. Will definitely try it. My £0.02 suggestion, install adfree http://www.appbrain.com/app/adfree-android....android.adfree This will block some personal info going back to advertisers. Obviously if the recipient isn't an advertiser, then there is nothing blocking outward bound personal info. Does taintdroid also block? Link to comment Share on other sites More sharing options...
Guest ex-efixxer Posted January 2, 2011 Report Share Posted January 2, 2011 great idea! i´d also like to have TaintDroid in the froyo kernel! i think this is an important thing to have.. hope kallt_kaffe is reading this threat.. including it in Japanese Jellyfish would be the bomb! :unsure: Link to comment Share on other sites More sharing options...
Guest Magnets Posted January 3, 2011 Report Share Posted January 3, 2011 (edited) My £0.02 suggestion, install adfree http://www.appbrain.com/app/adfree-android....android.adfree This will block some personal info going back to advertisers. Obviously if the recipient isn't an advertiser, then there is nothing blocking outward bound personal info. Does taintdroid also block? I don't really like blocking revenue streams of free apps, but ads taking so much personal data is not on, just had a quick look at the admob docs and the app developers can choose whether admob is allowed access to location or not. Adfree seems to work fine, I also installed Droidwall which also seems to work well. How long is it going to take before your IP/GPS location are sold to some GEO IP database :unsure: Edited January 3, 2011 by Magnets Link to comment Share on other sites More sharing options...
Guest zurpher Posted January 4, 2011 Report Share Posted January 4, 2011 I have opened a new thread in the Android software section on privacy-enchancing apps. Please post there any privacy apps that you happen to know. Thank you! On a different note, I have sent a PM to kallt_kaffe a few days ago regarding TaintDroid but didn't hear back yet. I think it doesn't need to be necessarily kallt_kaffe who implements TaintDroid. Any other Custom ROM developer is invited to do so. We would like to hear from you. Link to comment Share on other sites More sharing options...
Guest superkryo Posted January 7, 2011 Report Share Posted January 7, 2011 Giving it a bump now we have the 2.2 kernel source. Link to comment Share on other sites More sharing options...
Guest Rotmann Posted January 8, 2011 Report Share Posted January 8, 2011 +1, please implement this! Link to comment Share on other sites More sharing options...
Guest cartierv Posted January 8, 2011 Report Share Posted January 8, 2011 Great idea. Long overdue. Someone asked what is 'legitimate' traffic. I would say in an ideal world: it pertains directly to the specific utility of software you are using (i.e Google maps needs to contact the server to get the map data) But actually... you know what.. it's basically that data you are reasonably ok to have sent. Sadly for people who care about privacy Google itself is a problem. It's the massive 800 lb gorilla in the living room that no one's talking about that much. Although there's been a few articles about it in the press. In my ideal world I want: No outbound data at all unless it's specifically to do with a service that I d/led the software for to begin with. So with Google map data. Not how much I've used my phone and who my contacts are. Not what my phone number is. Just a request to the server for map data. It's that simple really. Apps like Dictionary.com are abusive spyware too and everyone's at it. Just a goldrush to see how much data can be collected. And frankly part of the reason is the mobile phone market encompasses a lot more dumb stupid people than the PC one. Sorry I am rambling a bit. But this is a really big problem. Glad someone's looking into it. The other thing that's missing from Android and this really needs a seperate thread: and that's system-wide encryption. Locally on the phone, things like notes, contacts, sms, folders whatever you want. Should be some API in Android that can do this. I don't know what the score is on the iPhone for that, but I know OS X had things like filevault and keychain, although fv wasn't always practical. Link to comment Share on other sites More sharing options...
Guest gusthy Posted January 8, 2011 Report Share Posted January 8, 2011 I just had a look with wireshark and admob adverts take your unique phone ID and LOCATION :D Well, I agree with you about your concerns about ID, nút regarding location it is rather pointless to send swedish ads to a greek phone. Link to comment Share on other sites More sharing options...
Guest zurpher Posted January 15, 2011 Report Share Posted January 15, 2011 Well, I agree with you about your concerns about ID, nút regarding location it is rather pointless to send swedish ads to a greek phone. Location is also problematic - not on country level though. However, for that it would be sufficient to know the SIM-card provider. I don't want anyone to track my mobility. Especially if that data could be combined with other data sets, e.g. shopping behaviour or how affluent certain areas are. Why does Angry Birds and its business partners need to know in which city I live? Link to comment Share on other sites More sharing options...
Guest Rotmann Posted January 16, 2011 Report Share Posted January 16, 2011 (edited) Location is also problematic - not on country level though. However, for that it would be sufficient to know the SIM-card provider. I don't want anyone to track my mobility. Especially if that data could be combined with other data sets, e.g. shopping behaviour or how affluent certain areas are. Why does Angry Birds and its business partners need to know in which city I live? To give you specific ads for your city like Groupon. It would not bring anything if you lived in München and would become offers for Köln. Edited January 16, 2011 by Rotmann Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now