Building TaintDroid into a ZTE Blade Kernel


Guest zurpher

It would be great if TaintDroid could also be integrated in a Blade ROM.

ZTE Blade users, please show your support if you also wish to see TaintDroid implemented in a Custom ROM for your device.

Source of quoted background information: Protecting Privacy - Compiling TaintDroid into Kernel to find leaky apps

Most people don't yet know that much Android software leaks all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app).

Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid:

What is TaintDroid?

From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones."

From: http://appanalysis.org/index.html

How can I install TaintDroid?

As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site: http://appanalysis.org/download.html

How does TaintDroid work?

Here's a video demonstrating how TaintDroid works once it is installed and configured:

http://appanalysis.org/demo/index.html

Why would you want to install this?

There can be many reasons for installing TaintDroid:

- You want to learn about privacy features and play with Android kernel

- As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper

- You are worried about what apps are doing behind your back and you want to know which apps to uninstall

- You want to help make Android a more secure and privacy-protected platform, instead of the Swiss cheese it currently is

What can you do?

As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and offering it for others to try and use.

Hopefully increased awareness and usage will eventually bring this program to other modders' and perhaps even Google's attention, and something more easily accessible is offered for the public at large.

BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI.


Guest zurpher
Wasn't this mentioned a while ago and the conclusion was it's easier to install wireshark?

What I liked about the TaintDroid demonstration video is that one would get these nice little notifications. As far as I understand Wireshark, it requires standard Android users such as myself to be quite knowledgeable in order to distinguish legitimate from illegitimate data being sent. I assume that most standard users would struggle with such a task.

I have found a Wireshark adaptation for Android at XDA-Developers:

Shark for Root

Could that be used to achieve something similar to TaintDroid if the implementation of TaintDroid proves too difficult?


Guest zurpher
Looks like a good idea, but what's to stop shady app developers just encrypting or hashing personal info then phoning home?

Probably not much but it would only be done if TaintDroid would spread widely so that it's worth the effort. Furthermore, it would put a tiny bit more pressure on Google so that they can't just say that it's the user's fault as they gave their permissions.


Guest zurpher
I just had a look with wireshark and admob adverts take your unique phone ID and LOCATION :unsure:

Not only admob. See: Your apps are watching you. However, as Google are the giants in the internet advertising business it's not surprising that they don't have an interest to do anything that could prevent user profiling and data mining.


Guest chall32

Oh yes, been meaning to post about this. Certainly would be good to see.

Use wireshark sometimes as part of my day job. Wasn't aware something similar was available for android. Will definitely try it.

My £0.02 suggestion, install adfree http://www.appbrain.com/app/adfree-android....android.adfree This will block some personal info going back to advertisers. Obviously if the recipient isn't an advertiser, then there is nothing blocking outward bound personal info.

Does taintdroid also block?


Guest ex-efixxer

Great idea! I'd also like to have TaintDroid in the Froyo kernel! I think this is an important thing to have.. hope kallt_kaffe is reading this thread..

including it in Japanese Jellyfish would be the bomb! :unsure:


Guest Magnets
My £0.02 suggestion, install adfree http://www.appbrain.com/app/adfree-android....android.adfree This will block some personal info going back to advertisers. Obviously if the recipient isn't an advertiser, then there is nothing blocking outward bound personal info.

Does taintdroid also block?

I don't really like blocking revenue streams of free apps, but ads taking so much personal data is not on, just had a quick look at the admob docs and the app developers can choose whether admob is allowed access to location or not. Adfree seems to work fine, I also installed Droidwall which also seems to work well.

How long is it going to take before your IP/GPS location are sold to some GEO IP database :unsure:

Edited by Magnets

Guest zurpher

I have opened a new thread in the Android software section on privacy-enhancing apps. Please post there any privacy apps that you happen to know. Thank you!

On a different note, I have sent a PM to kallt_kaffe a few days ago regarding TaintDroid but didn't hear back yet. I think it doesn't need to be necessarily kallt_kaffe who implements TaintDroid. Any other Custom ROM developer is invited to do so. We would like to hear from you.


Guest cartierv

Great idea. Long overdue.

Someone asked what is 'legitimate' traffic. I would say in an ideal world:

it pertains directly to the specific utility of software you are using (i.e Google maps needs to contact the server to get the map data)

But actually... you know what.. it's basically that data you are reasonably ok to have sent.

Sadly for people who care about privacy Google itself is a problem. It's the massive 800 lb gorilla in the living room that no one's talking about that much. Although there's been a few articles about it in the press.

In my ideal world I want:

No outbound data at all unless it's specifically to do with a service that I d/led the software for to begin with. So with Google map data. Not how much I've used my phone and who my contacts are. Not what my phone number is. Just a request to the server for map data. It's that simple really.

Apps like Dictionary.com are abusive spyware too and everyone's at it. Just a goldrush to see how much data can be collected. And frankly part of the reason is the mobile phone market encompasses a lot more dumb stupid people than the PC one.

Sorry I am rambling a bit.

But this is a really big problem. Glad someone's looking into it.

The other thing that's missing from Android and this really needs a separate thread:

and that's system-wide encryption. Locally on the phone, things like notes, contacts, sms, folders whatever you want. Should be some API in Android that can do this.

I don't know what the score is on the iPhone for that, but I know OS X had things like filevault and keychain, although fv wasn't always practical.


Guest gusthy
I just had a look with wireshark and admob adverts take your unique phone ID and LOCATION :D

Well, I agree with you about your concerns about ID, but regarding location it is rather pointless to send Swedish ads to a Greek phone.


Guest zurpher
Well, I agree with you about your concerns about ID, but regarding location it is rather pointless to send Swedish ads to a Greek phone.

Location is also problematic - not on country level though. However, for that it would be sufficient to know the SIM-card provider. I don't want anyone to track my mobility. Especially if that data could be combined with other data sets, e.g. shopping behaviour or how affluent certain areas are.

Why do Angry Birds and its business partners need to know in which city I live?


Guest Rotmann
Location is also problematic - not on country level though. However, for that it would be sufficient to know the SIM-card provider. I don't want anyone to track my mobility. Especially if that data could be combined with other data sets, e.g. shopping behaviour or how affluent certain areas are.

Why do Angry Birds and its business partners need to know in which city I live?

To give you specific ads for your city like Groupon. It would not bring anything if you lived in München and would get offers for Köln.

Edited by Rotmann
