TaintDroid: An Information-Flow Tracking System for Realtime Privacy
Monitoring on Smartphones

Today's smartphone operating systems fail to provide users with
adequate control and visibility into how third-party applications use
their private data. We present TaintDroid, an efficient, system-wide
dynamic taint tracking and analysis system for the popular Android
platform that can simultaneously track multiple sources of sensitive
data. TaintDroid's efficiency to perform real-time analysis stems from
its novel system design that leverages the mobile platform's
virtualized system architecture. TaintDroid incurs only 14%
performance overhead on a CPU-bound micro-benchmark with little, if
any, perceivable overhead when running third-party applications. We use
TaintDroid to study the behavior of 30 popular third-party Android
applications and find several instances of misuse of users' private
information.  We believe that TaintDroid is the first working
prototype demonstrating that dynamic taint tracking and analysis
provides informed use of third-party applications in existing
smartphone operating systems.