Proposal / Submission Type
Peer Reviewed Paper
Location
Daytona Beach, Florida
Start Date
25-5-2016 10:30 AM
Abstract
Smartphones and tablets are personal devices that have diffused to near universal ubiquity in recent years. As smartphone users become more privacy-aware and -conscious, research is needed to understand how “leakage” of private information (personally identifiable information – PII) occurs. This study explores how leakage studies in Droid devices should be adapted to Apple iOS devices. The OWASP Zed Attack Proxy (ZAP) is examined for 50 apps in various categories. This study confirms that: (1) most apps transmit unencrypted sensitive PII, (2) SSL is used by some recipient websites, but without corresponding app compliance with SSL, and (3) most apps in iOS environments reveal (leak) the smartphone version. The paper concludes that much additional work is needed to assess the privacy dominance between platforms and to raise user awareness of smartphone privacy intrusions.
Keywords: mobile forensics, ZAP, privacy leakage, metadata, security
Scholarly Commons Citation
Hintea, Diana; Taramonli, Chrysanthi; Bird, Robert; and Yusuf, Rezhna, "Forensic Analysis of Smartphone Applications for Privacy Leakage" (2016). Annual ADFSL Conference on Digital Forensics, Security and Law. 7.
https://commons.erau.edu/adfsl/2016/wednesday/7
Included in
Aviation Safety and Security Commons, Computer Law Commons, Defense and Security Studies Commons, Forensic Science and Technology Commons, Information Security Commons, National Security Law Commons, OS and Networks Commons, Other Computer Sciences Commons, Social Control, Law, Crime, and Deviance Commons
Forensic Analysis of Smartphone Applications for Privacy Leakage