DocumentCode
3708688
Title
Following the Wi-Fi breadcrumbs: Network based mobile application privacy threats
Author
Michael Kennedy;Rossilawati Sulaiman
Author_Institution
Faculty of Information Science & Technology, Universiti Kebangsaan Malaysia, Bangi, Malaysia
fYear
2015
Firstpage
265
Lastpage
270
Abstract
Users are concerned about the protection of personal information they share with mobile applications. Researchers have previously explored security threats to mobile applications through wireless network access, including the disclosure of personal information through unencrypted traffic, excessive information disclosure to service providers, and flaws in TLS security. This study replicates these security threats and performs an assessment of the potential privacy impact for a sample of 30 Android applications. The results show that disclosure of personal information through unencrypted traffic is a significant risk. Individual applications were found which disclosed a user´s identity and application usage, and persistent device identifiers were leaked allowing user information to be linked across applications and wireless sessions. A small number of applications disclosed inappropriate amounts of personal information to service providers which could allow user tracking. TLS issues continue to pose a risk, with one application exhibiting a previously identified TLS certificate validation issue, and a potentially new encryption protocol downgrade flaw was identified triggered by an invalid certificate. Insecure authentication techniques were used by 30% of applications tested and pose a privacy risk even when applications use TLS.
Keywords
"Mobile applications","Object recognition","Privacy","Smart phones","IEEE 802.11 Standard","Wireless communication","Security"
Publisher
ieee
Conference_Titel
Electrical Engineering and Informatics (ICEEI), 2015 International Conference on
Print_ISBN
978-1-4673-6778-3
Electronic_ISBN
2155-6830
Type
conf
DOI
10.1109/ICEEI.2015.7352508
Filename
7352508
Link To Document