US researchers developing software to protect Android devices from hacking

Known as TISSA – short for Taming Information-Stealing Smartphone Applications – the software will be formally unveiled in June of this year.

According to Dr. Xuxian Jiang, the assistant professor of computing at NC State, and the co-author of a research paper on the software, there are a lot of concerns about potential leaks of personal information from smartphones.

"We have developed software that creates a privacy mode for Android systems, giving users flexible control over what personal information is available to various applications", he said.

Dr. Jiang added that the Android software works by creating a privacy settings manager that allows users to customise the level of information each smartphone application can access.

These settings, he explained, can be adjusted any time that the relevant applications are being run – not just when the applications are installed.

The TISSA prototype includes four possible privacy settings for each application. These settings are Trusted, Anonymised, Bogus and Empty.

If an application is listed as Trusted, TISSA does not impose additional information access restrictions. If the user selects Anonymised, the app provides the application with generalised information that allows the application to run, without providing access to detailed personal information.

The Bogus setting, meanwhile, provides an application with fake results when it requests personal information.

And the Empty setting responds to information requests by saying the relevant information does not exist or is unavailable.

Jiang says that TISSA could be easily modified to incorporate additional settings that would allow more fine-grained control of access to personal information.

"These settings may be further specialised for different types of information, such as your contact list or your location", he explained, adding that the settings can also be specialised for different applications.

For example, he says, a user may install a weather application that requires location data in order to provide the user with the local weather forecast.

Rather than telling the application exactly where the user is, TISSA could be programmed to give the application generalised location data – such as a random location within a 10-mile radius of the user.

This, adds Dr. Jiang, would allow the weather application to provide the local weather forecast information, but would ensure that the application couldn't be used to track the user's movements.

Plans call for Dr. Jiang and his colleagues’  paper to be presented in June at the 4th International Conference on Trust and Trustworthy Computing, in Pittsburgh, Pa.

The research was supported by the National Science Foundation and NC State's Secure Open Systems Initiative, which receives funding from the US Army Research Office.

What’s Hot on Infosecurity Magazine?