Experimental Set Up

To conduct the experiments we create a hotspot by connecting the laptop to the Internet via Ethernet cable, as shown in the diagram below.
We then connect the smartphone on this Wi-Fi hotspot. On the laptop we have installed all the tools required to test the apps such as
Wireshark, Burpsuit, mitmproxy, and Python.

Testing the mobile applications

In order to test each application we manually simulate a typical use for 10 to 15 minutes.
The time spent on each application varies and exclusively depends on its type. During the simulation:

  • We explore the basic functions of the application (create a user account, search using various keywords,
    perform actions that require personal identifying data, and complete a level of a game).
  • We record speci c keywords and personal user data that are used during each simulation.
  • We then search for these keywords and personal data in the captured communications.
  • We ensure that only the tested application is open.
  • We allow all requested permissions, such as sharing location data except push notifications.

Sensitive Data

Categories of data Data types
Behavior Eployment (Job Searches)
Private Messaging (chats, texts, etc.)
Location Longitude
Personal Indentifying Infromation Address
Date of Birth
Device Information (e.g. Device ID)
Post Code
Telephone Number