Mobile
Security
Experimental Set Up
To conduct the experiments we create a hotspot by connecting the laptop to the Internet via Ethernet cable, as shown in the diagram below.
We then connect the smartphone on this Wi-Fi hotspot. On the laptop we have installed all the tools required to test the apps such as
Wireshark, Burpsuit, mitmproxy, and Python.
Testing the mobile applications
In order to test each application we manually simulate a typical use for 10 to 15 minutes.
The time spent on each application varies and exclusively depends
on its type. During the simulation:
- We explore the basic functions of the application (create a user account, search using various keywords,
perform actions that require personal identifying data, and complete a level of a game). - We record speci c keywords and personal user data that are used during each simulation.
- We then search for these keywords and personal data in the captured communications.
- We ensure that only the tested application is open.
- We allow all requested permissions, such as sharing location data except push notifications.
Sensitive Data
| Categories of data | Data types |
|---|---|
| Behavior | Eployment (Job Searches) |
| Medical | Private Messaging (chats, texts, etc.) | Searching |
| Location | Longitude |
| Latitude | |
| Personal Indentifying Infromation | Address |
| Age | |
| Date of Birth | |
| Device Information (e.g. Device ID) | |
| Gender | |
| Username | |
| Password | |
| Post Code | |
| Telephone Number | |
| Name |