AntiTaintDroid (a.k.a. ScrubDroid)
AntiTaintDroid (a.k.a. ScrubDroid) is a proof-of-concept Android application offering a working implementation of the techniques presented in our paper at SECRYPT 2013 which can be exploited to bypass the security protections offered by TaintDroid, a real-time privacy monitoring mechanism based on dynamic taint analysis.
AntiTaintDroid/ScrubDroid is a work by NICTA. When referencing this work, please use the following citation:
- Golam Sarwar, Olivier Mehani, Roksana Boreli, and Mohammed Ali Kaafar. “On the Effectiveness of Dynamic Taint Analysis for Protecting Against Private Information Leaks on Android-based Devices”. In: SECRYPT 2013, 10th International Conference on Security and Cryptography. Ed. by P. Samarati. ACM SIGSAC. Reykjávik, Iceland: SciTePress, July 2013. url: http://www.nicta.com.au/pub?id=6865;
- A BibTeX file is also available.
Video Demo
Quick Installation Guide
If you don't want to be hassled with compiling the app yourself, you may just follow the workflow below:
git clone git@github.com:gsbabil/AntiTaintDroid.git # checkout my source-code
cd AntiTaintDroid # change current directory to AntiTaintDroid
adb install bin/AntiTaintDroid.apk # compile and install the app on your phone/emulator
cd AntiTaintDroid/AntiTaintDroid-Server # change directory to AntiTaintDroid server
python antitaintdroid-server.py # runs the server
Compiling the code
I have included both the Eclipse and Ant project files. You should just be able to import it in Eclipse and hit the Run
button. Or, you can just do ant debug install
to compile and install it on your TaintDroid phone.
How it works
The mechanisms to bypass TaintDroid protections are elaborated in our paper. Also, the code itself if pretty self-explanatory. Just go through UntaintTricks.java
and you should be fine. You should note that the way this PoC app works is - first it collects some private information (e.g. IMEI, Android ID etc.) from the phone with collectPrivateData()
and then it tries to leak it over the network. Where the data is leaked to depends on where you run the server component. AntiTaintDroid PoC comes with a simple Python server which you can find in AntiTaintDroid-Server
directory. Just make sure that you cd
inside the AntiTaintDroid-Server
directory and then run the python antitaintdroid-server.py
script. The server should start a very simple web-server on port 8000
. Now you can go back to the app and hit menu > settings
to specify your server IP address and port number. That's it! Now you are ready to try all the AntiTaintDroid tricks. Each time you tap on a trick, some private data (depending on what you have in collectPrivateData()
) should be stolen, leaked to your server (antitaintdroid-server.py
will print it on the console) and of course there won't be any TaintDroid notification to alert you that your IMEI has just been stolen. Cheers!
References
TaintDroid is a joint collaboration between Intel Labs, Penn State and Duke University, and funded by the U.S. National Science Foundation.
- William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel and Anmol N. Sheth, "TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones," in OSDI 2010, 9th USENIX Symposium on Operating Systems Design and Implementation, R. Arpaci-Dusseau and B. Chen, Eds., USENIX; ACM SIGOPS. Berkeley, CA, USA: USENIX Association, Oct. 2012. [Online]. Available: http://static.usenix.org/events/osdi10/tech/full_papers/Enck.pdf