AntiTaintDroid (a.k.a. ScrubDroid) - Escaping Taint Analysis (and stealing private information) on Android for Fun and Profit

Download as .zip Download as .tar.gz View on GitHub

AntiTaintDroid (a.k.a. ScrubDroid)

AntiTaintDroid (a.k.a. ScrubDroid) is a proof-of-concept Android application offering a working implementation of the techniques presented in our paper at SECRYPT 2013 which can be exploited to bypass the security protections offered by TaintDroid, a real-time privacy monitoring mechanism based on dynamic taint analysis.

AntiTaintDroid/ScrubDroid is a work by NICTA. When referencing this work, please use the following citation:

Video Demo

Quick Installation Guide

If you don't want to be hassled with compiling the app yourself, you may just follow the workflow below:

  git clone # checkout my source-code
  cd AntiTaintDroid # change current directory to AntiTaintDroid
  adb install bin/AntiTaintDroid.apk # compile and install the app on your phone/emulator
  cd AntiTaintDroid/AntiTaintDroid-Server # change directory to AntiTaintDroid server
  python # runs the server

Compiling the code

I have included both the Eclipse and Ant project files. You should just be able to import it in Eclipse and hit the Run button. Or, you can just do ant debug install to compile and install it on your TaintDroid phone.

How it works

The mechanisms to bypass TaintDroid protections are elaborated in our paper. Also, the code itself if pretty self-explanatory. Just go through and you should be fine. You should note that the way this PoC app works is - first it collects some private information (e.g. IMEI, Android ID etc.) from the phone with collectPrivateData() and then it tries to leak it over the network. Where the data is leaked to depends on where you run the server component. AntiTaintDroid PoC comes with a simple Python server which you can find in AntiTaintDroid-Server directory. Just make sure that you cd inside the AntiTaintDroid-Server directory and then run the python script. The server should start a very simple web-server on port 8000. Now you can go back to the app and hit menu > settings to specify your server IP address and port number. That's it! Now you are ready to try all the AntiTaintDroid tricks. Each time you tap on a trick, some private data (depending on what you have in collectPrivateData()) should be stolen, leaked to your server ( will print it on the console) and of course there won't be any TaintDroid notification to alert you that your IMEI has just been stolen. Cheers!


TaintDroid is a joint collaboration between Intel Labs, Penn State and Duke University, and funded by the U.S. National Science Foundation.