Research Article
Sensitive Data in Smartphone Applications: Where Does It Go? Can It Be Intercepted?
@INPROCEEDINGS{10.1007/978-3-319-78816-6_21,
  author={Eirini Anthi and George Theodorakopoulos},
  title={Sensitive Data in Smartphone Applications: Where Does It Go? Can It Be Intercepted?},
  proceedings={Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
  proceedings_a={SECURECOMM \& ATCS \& SEPRIOT},
  year={2018},
  month={4},
  keywords={Mobile security Man-in-the-middle attacks Wireless network security Network sniffing SSL/TLS},
  doi={10.1007/978-3-319-78816-6_21}
}
- Eirini Anthi
- George Theodorakopoulos
Year: 2018
SECURECOMM & ATCS & SEPRIOT
Springer
DOI: 10.1007/978-3-319-78816-6_21
Abstract
We explore the ecosystem of smartphone applications with respect to their privacy practices towards sensitive user data. In particular, we examine 96 free mobile applications across 10 categories, in both the and , to investigate how securely they transmit and handle user data. For each application, we perform wireless packet sniffing and a series of man-in-the-middle (MITM) attacks to capture personal identifying information, such as usernames, passwords, etc. During the wireless packet sniffing, we monitor the traffic from the device when a specific application is in use to examine if any sensitive data is transmitted unencrypted. At the same time, we reveal and assess the list of ciphers that each application uses to establish a secure connection. During the MITM attacks, we use a variety of methods to try to decrypt the transmitted information.