TaintDroid Tracks Leaks of Personal Data to Ad Firms

The unfortunately named (and, yes, SFW) app is the internal affairs cop of the Android app store.



TaintDroid ain’t exactly your normal run-of-the-mill Android app: It’s a sneaky bit of software designed to monitor other Android apps, and detect what data they’re sending off to remote servers. The results imply that a lot of personal stuff may be leaking without your consent.

Developed by programmers at Penn State University, TaintDroid was used to snoop on the data that other Android apps were sending (behind the scenes and not necessarily with a phone owner’s consent or even knowledge) to remote servers for the purposes of advertising.

Thirty popular apps were surveyed, and a phenomenal 50% sent data on geographic location to remote ad servers. Seven of the apps even used a unique identifier number that could be used to ID your phone, and sometimes the phone number and SIM card serial number (bet you don’t even know that yourself) were fired over the airwaves. All told, the team found 20 apps were misusing personal data in 68 clearly identified infringements.

Before Android defenders leap to their keyboards: yes, this system isn’t exactly watertight. The choice of apps may well influence the stats, 30 is a small sample from the 70,000 Android apps, and if the sample set included Foursquare or similar apps, their entire raison d’être is to share some personal data with the world. But the TaintDroid team swears these particular instances of personal data sharing were “suspicious” because in many cases it was completely unclear that your phone was sharing personal info when you performed particular actions.

We all recognize that personalized ads are often more acceptable to end-user consumers (since you’re exposed to ads that may be for things you’d be interested in trying out) and they represent better value for money for the companies concerned: the ads simply reach more interested eyes this way. Entire novel business models are being crafted on this basis right now, with Apple’s iAd as a high-profile example and Foursquare and other “checkin” games as really innovative game-changers. But in these cases, benefiting from Apple’s closed ecosystem and its recent privacy enhancements that make it clear to users when their data is being shared, the emphasis is on protecting user privacy. TaintDroid’s results seem to indicate that the Android marketplace is a slightly riskier place if you’re nervous about Net sharing.

This data is so controversial we’ve contacted the team to see if we can get a deeper insight into their methods.


To keep up with this news, follow me, Kit Eaton, on Twitter.

About the author

I'm covering the science/tech/generally-exciting-and-innovative beat for Fast Company. Follow me on Twitter, or Google+ and you'll hear tons of interesting stuff, I promise.