Sensitive data in smartphone applications: Where does it go? Can it be intercepted?
In this project, we explore the ecosystem of smartphone applications with respect to their privacy practices towards sensitive user data.
We test almost 100 of the most popular mobile applications in order to investigate how they transmit and handle user data.
For each application we perform a series of experiments/attacks.
Motivation
In the last decade, the number of smartphone users has increased dramatically.
Due to their capabilities, smartphone owners not only use their devices to communicate but also to perform important
everyday life activities (e.g. esearching a health condition, accessing education resources, navigating, etc.).
As the users use various mobile applications to achieve the above, often are required to share personal information with these apps.
However, it is often not clear to them how exactly these applications handle their personal data.
In this work we try to answer the following questions:
Is the transmitted data encrypted?
Can it be intercepted?
How do mobile applications handle user data? Do they share it with third parties?
Fig1. Sensitive data used in mobile apps travells via Wi-Fi and goes to the application's server and/or other 3rd party servers.
Mobile
Security
