In this paper we claim that an efficient and readily applicable means to
improve privacy of Android applications is: 1) to perform runtime monitoring by
instrumenting the application bytecode and 2) in-vivo, i.e. directly on the
smartphone. We present a tool chain to do this and present experimental results
showing that this tool chain can run on smartphones in a reasonable amount of
time and with a realistic effort. Our findings also identify challenges to be
addressed before running powerful runtime monitoring and instrumentations
directly on smartphones. We implemented two use-cases leveraging the tool
chain: BetterPermissions, a fine-grained user centric permission policy system
and AdRemover an advertisement remover. Both prototypes improve the privacy of
Android systems thanks to in-vivo bytecode instrumentation.Comment: ISBN: 978-2-87971-111-