Forensic Analysis of Smartphone Applications for Privacy Leakage

Diana Hintea, Sandy Taramonli, Bob Bird, R. Yusuf

    Research output: Contribution to conferencePaperpeer-review

    Abstract

    Smartphone and tablets are personal devices that have diffused to near universal ubiquity in recent years. As Smartphone users become more privacy-aware and -conscious, research is needed to understand how “leakage” of private information (personally identifiable information – PII) occurs. This study explores how leakage studies in Droid devices should be adapted to Apple iOS devices. The OWASP Zed Attack Proxy (ZAP) is examined for 50 apps in various categories. This study confirms that: (1) most apps transmit unencrypted sensitive PII, (2) SSL is used by some recipient websites, but without corresponding app compliance with SSL, and (3) most apps in iOS environments reveal (leak) smartphone version. The paper concludes that much additional work is needed to assess the privacy dominance between platforms and to raise user awareness of smartphone privacy intrusions
    Original languageEnglish
    Publication statusPublished - Apr 2016
    Event11th Annual ADFSL Conference on Digital Forensics, Security and Law - Daytona Beach, United States
    Duration: 24 May 201626 May 2016
    Conference number: 11

    Conference

    Conference11th Annual ADFSL Conference on Digital Forensics, Security and Law
    Country/TerritoryUnited States
    CityDaytona Beach
    Period24/05/1626/05/16

    Bibliographical note

    This paper is not available in Pure.

    Fingerprint

    Dive into the research topics of 'Forensic Analysis of Smartphone Applications for Privacy Leakage'. Together they form a unique fingerprint.

    Cite this