Designing information flow policies for Android´s operating system

A mobile phone evolves as a data repository where the pieces of data have different owners and may thus be protected by different security policies. These pieces of data are used on an open environment controlled by a non-specialist user: the owner of the mobile phone. However, previous research projects have studied dynamic monitoring of information flows in a system. We believe that the results of these projects are well adapted for protecting information on an embedded system as a mobile phone. Nevertheless the difficulties to define the information flow policy that govern the information flow monitor is an obstacle for the usability of such an approach by a wide audience. In this paper we detail step by step the construction of a precise information flow policy for the Android operating system. Our main objective is to answer the following questions: in practice, how much sensitive information can be monitored on a real system? What information it is desirable to monitor on a mobile phone? What is the induced execution overhead for applications? Can we propose a default information flow policy?