TaintArtist promises to detect abusive smartphone apps

Whether you’re in charge of mobile security for your agency or just a consumer trying to keep your personal information private, the smartphone presents a growing challenge.  Because agencies are trying to accommodate employees who want to use their personal mobile devices and apps, screening for malware that can intercept messages, track calls and even tap into the device’s microphone is difficult if not impossible.

The size of that challenge was recently highlighted by researchers at the Center for IT Security, Privacy and Accountability (CISPA) at the University of Saarland in Germany, who found that more than 88 percent of Android apps secretly tap into user data. 

Those researchers suggested that, rather than trying to screen apps, it may be more effective to monitor the behavior of installed apps for signs of “improper” behavior. 

As a result, three CISPA researchers -- Oliver Schranz, Philipp von Styp-Rekowsky and Sebastian Weisgerber -- developed an app to track what data apps are accessing and what they are attempting to do with it.  The app is called “TaintArtist,” a reference to “taint tracking,” a technique likened to the practice of including an exploding dye packet in bundles of cash stolen by bank robbers.

According to Schranz, one common culprit is malware that attempts to identify users by tracking device IDs and other data.  “This is a rather easy case where our system will notice that the app is requesting the device ID and will taint it,” Schranz said.  “Eventually, the app will send out the identifier over the Internet, probably with small modifications, which can then be detected by TaintArtist. At this point, the system will interrupt the application and inform the user before that data is about to leak.”

TaintArtist, which is still in development, then offers the user the option either to allow the action that TaintArtist considers potentially harmful or to abort the app.  “It's generally not possible to automate this decision,” Schranz said, “because each user needs to decide for himself what is allowed and what needs to be blocked, and everything needs to be judged in the current context.”

Schranz offered the example of a piece of malware taking control of an instant messaging program.  If the user actually intended to send a message, he or she will likely decline to block it when TaintArtist warns of the action.  But if the user hasn’t initiated a message and TaintArtist detects a transmission attempt, “this would be an invasion of his privacy and therefore a valid reason to block the request,” he said.

TaintArtist also allows the user to create policies about what behaviors should be monitored.  A user might, for example, choose to protect private photos but not contacts or calendar entries.
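The flow Schranz describes (taint the device ID at the source, follow it through modifications, stop at the network sink and ask the user) together with the per-user policy above can be modeled in a few lines. This is an added conceptual example, not TaintArtist code; every name in it (`Tainted`, `derive`, `get_device_id`, `obfuscate`, `send_to_network`) and the sample identifier are hypothetical.

```python
# Conceptual model of taint tracking (added example, not TaintArtist code).
# All names and the sample device ID below are hypothetical/constructed.

class Tainted(str):
    """A string that carries labels naming the sensitive sources it came from."""
    def __new__(cls, value, labels=()):
        obj = super().__new__(cls, value)
        obj.labels = frozenset(labels)
        return obj

def labels_of(value):
    """Return the taint labels on a value (empty for ordinary data)."""
    return getattr(value, "labels", frozenset())

def derive(result, *inputs):
    """Propagation rule: a derived value inherits the labels of every input."""
    merged = frozenset().union(*(labels_of(i) for i in inputs))
    return Tainted(result, merged) if merged else result

def get_device_id():
    # Source: the value is tainted at the moment the app reads it.
    return Tainted("358240051111110", {"DEVICE_ID"})

def obfuscate(device_id, salt):
    # The "small modifications" an app might apply before sending the value.
    # Plain str operations drop the label, so propagation must be explicit.
    return derive(device_id[::-1] + salt, device_id, salt)

def send_to_network(payload, policy, ask_user):
    """Sink: pause and ask the user when a monitored label is about to leave.

    policy   -- set of labels the user chose to protect
    ask_user -- callback returning True to allow, False to abort
    """
    leaking = labels_of(payload) & policy
    if leaking and not ask_user(sorted(leaking)):
        return "blocked"
    return "sent"

if __name__ == "__main__":
    payload = obfuscate(get_device_id(), "x9")
    deny = lambda labels: False  # user chooses to abort
    print(send_to_network(payload, {"DEVICE_ID"}, deny))  # monitored label
    print(send_to_network(payload, {"PHOTOS"}, deny))     # label not in policy
```

The reversed, salted payload no longer contains the original identifier as a substring, which is why the check at the sink relies on propagated labels rather than on matching the value itself.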

Currently TaintArtist is still a “proof-of-concept prototype that proves we can solve the main technical challenges,” Schranz said, adding that the team has received generally positive feedback from testers.  “Many people have asked when and how to get our system, so we are currently evaluating how to proceed here,” he said.  “At this point, I cannot say anything more than that we keep it open whether we want to make it publicly available, create an enterprise version or go down a completely different path.”

Posted by Patrick Marshall on Mar 29, 2016 at 2:09 PM

