Monday, August 6, 2012

AntiTaintDroid (a.k.a. ScrubDroid)- Escaping Taint Analysis (and stealing private information) on Android for Fun and Profit

UPDATE:  source code published on Github [2, 5]
Good news Everyone! I wrote an app that bypasses TaintDroid's [1] privacy monitoring features (Taint analysis) in more than a few ways. I will share the app on my GitHub [2] account very soon. Currently the app is capable of collecting private information such as Android device ID, Google account ID, network ID, IMEI etc. and send it to a pre-configured server (of course without raising any TaintDroid alert). If anyone is interested while I fine-tune my app (add support for reconfigurable server among other small things), please drop me a line in the comments. I would be happy to share how and what I have done.

To know more about how TaintDroid and Taint analysis works, please read their publications here [2]. If you Google for TaintDroid, you will also find a fair amount of information on what it is and how it works. Thanks for reading my Blog. I will update this post as soon as the next bit is ready.



[1] http://appanalysis.org/
[2] https://github.com/gsbabil
[3] http://appanalysis.org/pubs.html
[4] http://www.google.com.au/search?q=TaintDroid
[5] http://gsbabil.github.io/AntiTaintDroid/

8 comments:

Yuanyuan Zhou said...

Hi, I am really interested in how you bypass TaintDroid. Could you share with me your ideas?

pof said...

I don't see the app on github, will you finally publish it?

Babil Golam Sarwar said...

@pof: we are anticipating a peer-reviewed publication on a related topic. The code will be published along with the paper.

Bob said...

Is you paper out yet?

Babil Golam Sarwar said...

@Bob apologies for the late reply. Finally I will present my paper in SECRYPT July, 2013 http://www.secrypt.icete.org/. Sadly this is how fast academia and research publications work.

Anonymous said...

Hello there,
I admire the work you have done. I have a question. I have used Scrubdroid on the emulator and it was OK, nevertheless I couldn't get it work on my real tablet which is not built with TaintDroid. I know it may sound strange but I am experimenting something on it.
Thanks, Saeed.

Babil Golam Sarwar said...

Hi @Saeed,
you will have to build TaintDroid for your tablet first before trying to out ScrubDroid (which basically demonstrates how TaintDroid can be bypassed). You'll find the build instructions for TaintDroid here - http://appanalysis.org/download.html. If your tablet isn't already running TaintDroid, trying ScrubDroid wouldn't make any sense.

Anonymous said...

Hi again,
Thanks a lot for your quick response. Actually I wanted to try only the first two options of your App. I am running a test on some available forensic tools to see how sufficient they are. Wanna see if those tools notify when leaking the IMEI.
Saeed,
Cheers!

Post a Comment