This presentation was recorded at GOTO Copenhagen 2022. http://gotocph.com

Felix Krause - Creator of Fastlane & howisfelix.today & Security & Privacy Researcher @krausefx

RESOURCES
https://inappbrowser.com
https://howisfelix.today

ORIGINAL TALK TITLE
Finding, Investigating, Report & Publishing Privacy Issues on Mobile Platforms

ABSTRACT
Have you used a system API, like accessing the phone's camera, accelerometer data or photo library, and noticed how you may get access to more information than you maybe should have? How can you bend the permissions to cause the highest amount of potential damage? [...]

TIMECODES
00:00 Intro
01:38 In-app browsers
02:33 Why I looked into it
04:43 Write a post
05:19 Responsible disclosure
06:45 Public comments
07:54 inAppBrowser.com
09:19 What else?
14:06 Hijacking SDKs
17:56 "Just don't use the app"
18:20 It's our job to protect the user
19:46 Think about the worst case
20:14 Build it out
20:34 Responsible disclosure
21:20 How to go public?
22:33 Why your report might get ignored
23:04 Why going public is important
24:01 Go for it
24:42 Outro

Download slides and read the full abstract here: https://gotocph.com/2022/sessions/2285

RECOMMENDED BOOKS
Nishant Bhajaria • Data Privacy • https://amzn.to/3lGjv4g
Michael Bazzell • Extreme Privacy • https://amzn.to/3KeLwKA
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • https://amzn.to/2U8iLY2