Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

Sensitive Data in Smartphone Applications: Where Does It Go? Can It Be Intercepted?

  • @INPROCEEDINGS{10.1007/978-3-319-78816-6_21,
        author={Eirini Anthi and George Theodorakopoulos},
        title={Sensitive Data in Smartphone Applications: Where Does It Go? Can It Be Intercepted?},
        proceedings={Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM \& ATCS \& SEPRIOT},
        year={2018},
        month={4},
        keywords={Mobile security, Man-in-the-middle attacks, Wireless network security, Network sniffing, SSL/TLS},
        doi={10.1007/978-3-319-78816-6_21}
    }
    
  • Eirini Anthi
    George Theodorakopoulos
    Year: 2018
    Sensitive Data in Smartphone Applications: Where Does It Go? Can It Be Intercepted?
    SECURECOMM & ATCS & SEPRIOT
    Springer
    DOI: 10.1007/978-3-319-78816-6_21
Eirini Anthi1,*, George Theodorakopoulos1,*
  • 1: Cardiff University
*Contact email: anthies@cardiff.ac.uk, theodorakopoulosg@cardiff.ac.uk

Abstract

We explore the ecosystem of smartphone applications with respect to their privacy practices towards sensitive user data. In particular, we examine 96 free mobile applications across 10 categories, in both the and , to investigate how securely they transmit and handle user data. For each application, we perform wireless packet sniffing and a series of man-in-the-middle (MITM) attacks to capture personal identifying information, such as usernames, passwords, etc. During the wireless packet sniffing, we monitor the traffic from the device when a specific application is in use to examine if any sensitive data is transmitted unencrypted. At the same time, we reveal and assess the list of ciphers that each application uses to establish a secure connection. During the MITM attacks, we use a variety of methods to try to decrypt the transmitted information.