Monday, August 6, 2012

AntiTaintDroid (a.k.a. ScrubDroid)- Escaping Taint Analysis (and stealing private information) on Android for Fun and Profit

UPDATE:  source code published on Github [2, 5]
Good news Everyone! I wrote an app that bypasses TaintDroid's [1] privacy monitoring features (Taint analysis) in more than a few ways. I will share the app on my GitHub [2] account very soon. Currently the app is capable of collecting private information such as Android device ID, Google account ID, network ID, IMEI etc. and send it to a pre-configured server (of course without raising any TaintDroid alert). If anyone is interested while I fine-tune my app (add support for reconfigurable server among other small things), please drop me a line in the comments. I would be happy to share how and what I have done.

To know more about how TaintDroid and Taint analysis works, please read their publications here [2]. If you Google for TaintDroid, you will also find a fair amount of information on what it is and how it works. Thanks for reading my Blog. I will update this post as soon as the next bit is ready.



[1] http://appanalysis.org/
[2] https://github.com/gsbabil
[3] http://appanalysis.org/pubs.html
[4] http://www.google.com.au/search?q=TaintDroid
[5] http://gsbabil.github.io/AntiTaintDroid/

8 comments:

Post a Comment