Title

Following the Wi-Fi breadcrumbs: Network based mobile application privacy threats

Document Type

Conference Proceeding

Publication Title

2015 International Conference on Electrical Engineering and Informatics (ICEEI)

Publisher

IEEE

School

School of Science

RAS ID

21645

Comments

Originally published as: Kennedy, M., & Sulaiman, R. (2015). Following the Wi-Fi breadcrumbs: Network based mobile application privacy threats. In Proceedings of the IEEE 2015 International Conference on Electrical Engineering and Informatics (ICEEI) (pp. 265-270). Original publication available here

Abstract

Users are concerned about the protection of personal information they share with mobile applications. Researchers have previously explored security threats to mobile applications through wireless network access, including the disclosure of personal information through unencrypted traffic, excessive information disclosure to service providers, and flaws in TLS security. This study replicates these security threats and performs an assessment of the potential privacy impact for a sample of 30 Android applications. The results show that disclosure of personal information through unencrypted traffic is a significant risk. Individual applications were found which disclosed a user's identity and application usage, and persistent device identifiers were leaked allowing user information to be linked across applications and wireless sessions. A small number of applications disclosed inappropriate amounts of personal information to service providers which could allow user tracking. TLS issues continue to pose a risk, with one application exhibiting a previously identified TLS certificate validation issue, and a potentially new encryption protocol downgrade flaw was identified triggered by an invalid certificate. Insecure authentication techniques were used by 30% of applications tested and pose a privacy risk even when applications use TLS.

DOI

10.1109/ICEEI.2015.7352508
