Data leakage detection in Tizen Web applications

The explosive growth in Internet of Things (IoT) devices like smartphones, tablets, smart TVs, and smartwatches has brought new challenges for software developers. Currently a single app can be created and executed on multiple target platforms. In this scenario, different programming languages such as HTML5 and JavaScript, and operational systems like Tizen and webOS promises easy multi-platform development. However, one of the biggest concerns from companies that develop applications to these IoT devices is the leakage or exposure of sensitive data. In this work we are addressing this problem by creating a modified version of Tizen, called TTizen, that modifies the Tizen Web Runtime to add dynamic taint tracking, with that we can track sensitive information that is being leaked, even if the information is obfuscated, and warn the users. From our knowledge this is the first prototype that adds this kind of technique to Tizen and tracks web applications in mobile devices. The results show that TTizen is a promising approach that can be improved and used to detect data leakage in IoT devices.