Laura Caiafa, technical support manager at DataViz, wrote back telling me that Documents to Go on Android requires the ability to read the phone’s identity because it links product registrations to the phone’s IMEI/MEID number (a kind of a serial number). “Additionally, we check the phone’s network state for roaming prior to allowing the user to register, which also requires this permission.”
Full Internet access is required to register the application (which Documents to Go does directly, rather than through the Web browser). Finally, the program starts itself when a phone is switched on.
One problem with this manual survey approach is that it’s incredibly time-consuming. A second problem is that you can’t tell what the phone is doing with these permissions–is it sending my confidential data to crooks, is it using my position and Internet access to show me location-based advertisements, or is it just registering my application so I can get free updates?
A working solution to this problem will be presented on Wednesday at the Usenix Symposium on Operating Systems Design and Implementation (OSDI) in Vancouver, Canada. Called TaintDroid, the program uses an approach called data labeling or tainting to monitor the flow of personal information through a running Android phone.
Developed by researchers at Pennsylvania State University, Duke University, and Intel Labs, TaintDroid was designed to analyze 30 different Android applications. The researchers made some very interesting discoveries. For example, although 21 of the 30 applications required permission to read the phone state and permission to communicate over the Internet, only two of the applications actually transmitted the device’s phone number or unique code to the remote server. One of these transmits the information every time the phone boots–allowing the developer to know how many phones currently have the app installed, but also violating each user’s privacy in a pretty significant way.
The researchers write in their paper that half of the applications they monitored transmitted the user’s “location data to third-party advertisement servers without requiring implicit or explicit user consent”–that is, without divulging this fact in the application’s End User License Agreement. “In some cases, location data was transmitted to advertisement servers even when no advertisement was displayed in the application.” You can download the paper from the researchers’ website.
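The following Python example, added here and not taken from TaintDroid or the researchers' paper, shows data labeling at work: a sensitive value gets a label where it is read, the label follows it through concatenation, and a leak is flagged at the network send. The three apps, the hostnames and the sample values are constructed, and in this model only the `concat` helper propagates labels.

```python
# Added illustration of data labeling (tainting). All names and values are constructed.
IMEI, LOCATION = "IMEI", "LOCATION"

class Tainted(str):
    """A string that remembers which sensitive sources it was derived from."""
    def __new__(cls, value, labels=()):
        obj = super().__new__(cls, value)
        obj.labels = frozenset(labels)
        return obj

def labels_of(value):
    return getattr(value, "labels", frozenset())

def concat(*parts):
    """Propagation rule: the result carries the union of its inputs' labels."""
    merged = frozenset().union(*(labels_of(p) for p in parts))
    return Tainted("".join(parts), merged)

# Sources: the points where sensitive data enters and gets its label.
def read_device_id():
    return Tainted("000000000000000", {IMEI})   # placeholder, not a real IMEI

def read_location():
    return Tainted("0.0000,0.0000", {LOCATION})  # placeholder coordinates

class NetworkSink:
    """Sink: every outbound payload is checked for labels before it leaves."""
    def __init__(self):
        self.alerts = []
    def send(self, app, host, payload):
        leaked = labels_of(payload)
        if leaked:
            self.alerts.append((app, host, sorted(leaked)))

# Three apps holding the same permissions (phone state, location, Internet).
def app_register_only(net):
    license_key = concat("license-", read_device_id())  # used locally, never sent
    net.send("app_a", "updates.example", concat("version=", "1.0"))

def app_boot_beacon(net):
    net.send("app_b", "stats.example", concat("boot&id=", read_device_id()))

def app_ad_location(net):
    net.send("app_c", "ads.example", concat("ad_request&loc=", read_location()))

def run_survey():
    net = NetworkSink()
    for app in (app_register_only, app_boot_beacon, app_ad_location):
        app(net)
    return net.alerts

if __name__ == "__main__":
    print(run_survey())
```

A permission list would treat all three apps the same; tracking the labels separates the one that only reads the identifier from the two that send labeled data off the device.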
Some commentators may argue that the OSDI paper is further proof that Apple’s policy of manually vetting each application in its app store is superior to the Android policy. The truth is, we just don’t know how many apps hidden in Apple’s App Store steal personal information because there is no easy way to audit the capabilities of programs that are available for download. Apple’s review process doesn’t evaluate the application’s source code, so it would be possible for a malicious developer (or even a single programmer inside an app development company) to sneak something through. At least with Android, the operating system tries to prevent apps from accessing each other’s data, and from using the Internet unless they request that permission.
Another factor in Android’s favor is its use of the Linux operating system, for which all the source code is available. The Penn State, Duke, and Intel researchers could develop TaintDroid because it is relatively easy to get under the hood of Android and install the necessary functionality. Although it might be possible to accomplish the same results on the iPhone, the reverse-engineering process would be dramatically more difficult.
But information about poor app behavior will not be enough to provide security to Android users. Users simply lack the vigilance and the knowledge to make use of the information that Android provides. Unless Google establishes policies for protecting the privacy of its mobile users, Android will increasingly be seen as a system that is plagued by security problems, even if the real reason for this is that we have a better idea of what’s happening on Android than on the other smart-phone platforms.