Detection and Deterrence from Data Collecting Applications in Android

As Android User's and its application market is growing; android applications tend to collect user's data for various purposes; for advertisement agencies, for better user experiences and to learn about user's behavior on internet. However, it raises concern about privacy of an individual being compromised. We propose a methodology, to make android applications deterrent to data leakage as well as detect covert communications in them. We have used reverse engineering approaches to identify sources and sinks of the data leakage as well as covert communication, if any. We tested our methodology over a set a 57 highly popular applications from PlayStore and found that nearly 40% are covertly collecting user's data and nearly 60% are making questionable connections to undeclared servers. However, after modification of application we did not find much difference in user experiences. We also did a case study of data logging application, DroidWatch by Justin Grover.