“TrustDroid™”: Preventing the use of SmartPhones for information leaking in corporate networks through the use of static analysis taint tracking

Over the last 12 years, three important dates have marked the beginning of a major paradigm shift in computing and in the security models applied to protect an emerging computing environment: March 1999, January 9th, 2007, and July 2007. These dates roughly correspond to the birth of SalesForce.com, the most successful Software as a Service (SaaS) provider to date, Steve Jobs' introduction of the iPhone, and the discovery of the Zeus botnet. These innovations have been instrumental in enabling a paradigm shift in computing, away from a corporate-network-centric model with Windows end-point devices to what we call in this manuscript the Circa 2020 Computing Model. In the Circa 2020 Computing Model, applications and data reside in the Cloud; the concept of an extended Trust Domain (network) disappears, so there is no corporate network; and the end-point device is a SmartPhone owned and operated by employees (Bring Your Own Device, BYOD). In such an environment, the end-point device is not “Trusted”, and there is a high likelihood that the BYOD can be used as a channel to leak sensitive data. In this manuscript, we present a new mechanism to prevent such a situation, which we call “TrustDroid™”. TrustDroid™ is a static analyzer based on taint tracking that can be used to prevent the leakage of sensitive information by an untrusted Android SmartPhone.