Data Harvesting Capabilities of Android Apps: Period Trackers / Zmožnosti podatkovnega zbiranja Android aplikacij: spremljanje menstrualnega cikla

Aplikacije za spremljanje menstrualnega cikla so pogosto na voljo zastonj tudi zaradi načina, na katerega so subvencionirane – zbirajo namreč občutljive informacije. Koronska bo govorila o projektu, v katerem je analizirala vzorec desetih naključno izbranih aplikacij različnih izdajateljev, in v njih prisotnost analitičnih in trženjskih podjetij. Prikazala bo načine odpiranja aplikacij za analizo izvorne kode, ki omogoča delni vpogled v to, kaj se lahko dogaja s temi podatki. Četudi je trditve o dejanski rabi teh podatkov nemogoče podati brez izvedbe bolj kompleksne analize omrežij, sta cilj tega projekta in namen tega predavanja opozoriti na obstoječe ranljivosti v sistemu Android in razlike med tem, kar je zapisano v pogojih uporabe, in kaj lahko najdemo v izvorni kodi.

Period tracking applications are often free because of the way they are subsidised – they harvest vulnerable information. Koronska will talk about her project that analysed app permissions, and the presence of analytical and marketing companies in the source code in a sample of ten randomly selected applications provided by various publishers. She will demonstrate the ways in which these applications could be opened up for source – code analysis, which will provide some of the insights about what might be happening to that data. Although it is impossible to make a claim about what actually is happening to that data without performing a more complex network analysis, the aim of that project and the purpose of this lecture would be to point to existing vulnerabilities in the Android system, and discrepancies between what is written in the actual Terms and Conditions and what can be found in the source code.

                       Kamila Koronska

                       Katja Čičigoj

festivalgrounded@gmail.com

fb profilka2