Paper Title: On the Effectiveness of Dynamic Taint Analysis for Protecting Against Private Information Leaks on Android-based Devices

Your Roll no.: MT13079 Your Name: Shruti Bansal What is the main problem/question being addressed in the paper explain in a few sentences: The paper presents various attacks which reduce the effectiveness of TaintDroid and identify the ways to circumvent the taint analysis. Shortcomings (did paper leave out something which should have been a part etc.) When reading from a file makes the variable tainted, how using shell command breaks the chain? The success rate of individual attack has not been reported. How many times each attack was done is not known. This makes the error of 5% very vague. It is not evident for who is the system relevant. A user can not benefit from it until massive changes are made in the system to prevent many of the attacks.

State briefly any interesting research questions, possible applications, any interesting thoughts that occurred to you by reading this paper. Why protections against benign code subversion attack infeasible? How effective TaintDroid and attacks against it will be on other platforms like windows which give restricted access to users? How secure are they in protecting user data? Will user privacy be better maintained if changes are made into android architecture along with its implementation?