Proposal / Submission Type

Peer Reviewed Paper

Abstract

Uber is a ride-hailing smartphone application (app) that allows users to order a ride in a highly efficient manner. The Uber app provides Mobility as a Service and allows users to easily order a ride in a private car with just a few clicks. Uber stores large amounts of data on both the mobile device the app is being used on, and in the cloud. Examples of this data include geolocation data, date/time, origin/destination addresses, departure/arrival times, and distance. Uber geolocation data has been previously researched to investigate the privacy of the Uber app; however, there is minimal research relating to the other data the Uber app collects. Because this data could be of significance in a forensic investigation, it is important to determine where the majority of the Uber data are stored, either in the cloud or on the mobile device itself, and if one of these storage locations contains more information than the other. In this study, we analyzed the Uber app by forensically imaging the iPhone running the Uber app in three different acquisition phases. The different acquisitions allowed us to compare the data before and after data population, determine where the majority of the Uber data are stored, and determine if jailbreaking the iPhone provided more data than the previous acquisitions. Obtaining and analyzing the data in this study was done using Magnet AXIOM and Cellebrite forensic software suites.

Share

COinS
 

Digital Forensics for Mobility as A Service Platform: Analysis of Uber Application on iPhone and Cloud

Uber is a ride-hailing smartphone application (app) that allows users to order a ride in a highly efficient manner. The Uber app provides Mobility as a Service and allows users to easily order a ride in a private car with just a few clicks. Uber stores large amounts of data on both the mobile device the app is being used on, and in the cloud. Examples of this data include geolocation data, date/time, origin/destination addresses, departure/arrival times, and distance. Uber geolocation data has been previously researched to investigate the privacy of the Uber app; however, there is minimal research relating to the other data the Uber app collects. Because this data could be of significance in a forensic investigation, it is important to determine where the majority of the Uber data are stored, either in the cloud or on the mobile device itself, and if one of these storage locations contains more information than the other. In this study, we analyzed the Uber app by forensically imaging the iPhone running the Uber app in three different acquisition phases. The different acquisitions allowed us to compare the data before and after data population, determine where the majority of the Uber data are stored, and determine if jailbreaking the iPhone provided more data than the previous acquisitions. Obtaining and analyzing the data in this study was done using Magnet AXIOM and Cellebrite forensic software suites.