Researchers Develop Android Security Software
For Google Android, the best selling mobile OS in the world by some accounts, that popularity comes with a predictable price: Hackers, malware writers and other ne'er-do-wells are all over it.
The researchers are hoping to convince Google to work the technology into Android via an over-the-air-update, though haven't broached the subject with the company yet.
The privacy mode software – dubbed Taming Information-Stealing Smartphone Applications (TISSA) -- would give Android users more control over what information they divulge to makers of third-party apps, both at the time of downloading the app and while it's running. Privacy modes would include Trusted, Anonymized, Bogus and Empty, allowing a user to give an application everything from full access to none at all, including somewhere in between that would give an app at least enough information to work with.
TISSA could also be customized based on the app. For example, a weather app could be given a general idea of where a user is located, but not a precise address.
As an Android smartphone user himself, North Carolina State University Assistant Professor Xuxian Jiang is sensitive to the threat of his personal data being nabbed by hackers. He says he was motivated to work on TISSA after finding a data stealing vulnerability in Android 2.3 (Gingerbread).
Android's general vulnerability also grabbed headlines earlier this year with the DroidDream attack on the Google Android Market that opened up Android users to data theft and malware-infected apps on their phones.
APP ROUNDUP: 8 essential security apps for Android users
"There are a lot of concerns about potential leaks of personal information from smartphones," says Jiang, co-author of a paper describing the research that will be presented in June at the 4th International Conference on Trust and Trustworthy Computing in Pittsburgh.
Jiang says Android is the easiest of the smartphone operating systems to work with on a project like this, but says TISSA could be portable to other mobile OSes like Apple iOS.
The paper, "Taming Information-Stealing Smartphone Applications (on Android)," was co-authored by Jiang; Yajin Zhou, a Ph.D. student at NC State; Vincent Freeh, an associate professor of computer science at NC State; and Xinwen Zhang of Huawei America Research Center.
The research was supported by the National Science Foundation and NC State's Secure OpenSystems Initiative, which receives funding from the U.S. Army Research Office.
Read more about anti-malware in Network World's Anti-malware section.