By Alex W
Android, the increasingly popular operating system (OS) for mobile phones, goes to great lengths to protect users’ data. From applications that run as their own userid, in their own group, to the permission mechanism that alerts users to the information an application can access, Android is a far more secure platform than any desktop OS. However, there is a significant difference between informing a user what an application can access, and what the application actually does with the information. An Android app downloaded from the Market may request access to the internet and to the user’s address book, for example, but beyond that the user has no idea what the application does with those permissions. How do we guarantee that a malicious app isn’t making a copy of a user’s private data, and sending it to a secret sever operated by the application’s author?