Poster: Towards Compiler-Assisted Taint Tracking On The Android Runtime (Art)

Dynamic analysis and taint tracking on Android was typically implemented by instrumenting the Dalvik Virtual Machine. However, the new Android Runtime (ART) introduced in Android 5 replaces the interpreter with an on device compiler suite. Therefore as of Android 5, the applicability of interpreter instrumentation-based approaches like TaintDroid [1] is limited to Android versions up to 4.4 Kitkat. In this poster, we present ongoing work on re enabling taint tracking for apps by instrumenting the Optimizing backend, used by the new ART compiler suite for code generation. As Android now compiles apps ahead-of-time from dex bytecode to platform specific native code on the device itself, an instrumented compiler provides the opportunity to emit additional instructions that enable the actual taint tracking. The result is a custom compiler that takes arbitrary app APKs and transforms them into self taint tracking native code, executable by the Android Runtime.