Forensic Analysis of Smartphone Applications for Privacy Leakage

Diana Hintea, Sandy Taramonli, Bob Bird, R. Yusuf

Research output: Contribution to conferencePaper

Abstract

Smartphone and tablets are personal devices that have diffused to near universal ubiquity in recent years. As Smartphone users become more privacy-aware and -conscious, research is needed to understand how “leakage” of private information (personally identifiable information – PII) occurs. This study explores how leakage studies in Droid devices should be adapted to Apple iOS devices. The OWASP Zed Attack Proxy (ZAP) is examined for 50 apps in various categories. This study confirms that: (1) most apps transmit unencrypted sensitive PII, (2) SSL is used by some recipient websites, but without corresponding app compliance with SSL, and (3) most apps in iOS environments reveal (leak) smartphone version. The paper concludes that much additional work is needed to assess the privacy dominance between platforms and to raise user awareness of smartphone privacy intrusions
Original languageEnglish
Publication statusPublished - Apr 2016
Event11th Annual ADFSL Conference on Digital Forensics, Security and Law - Daytona Beach, United States
Duration: 24 May 201626 May 2016
Conference number: 11

Conference

Conference11th Annual ADFSL Conference on Digital Forensics, Security and Law
CountryUnited States
CityDaytona Beach
Period24/05/1626/05/16

Bibliographical note

This paper is not available in Pure.

Fingerprint Dive into the research topics of 'Forensic Analysis of Smartphone Applications for Privacy Leakage'. Together they form a unique fingerprint.

  • Cite this

    Hintea, D., Taramonli, S., Bird, B., & Yusuf, R. (2016). Forensic Analysis of Smartphone Applications for Privacy Leakage. Paper presented at 11th Annual ADFSL Conference on Digital Forensics, Security and Law, Daytona Beach, United States.