Slide 1

Apps & Personal Data
Ivo Jansch
APC 2012, October 8 2012
http://www.egeniq.com [email protected] @egeniq

Slide 2

About Me
@ijansch
Entreprenerd
Mobile & Web Developer
Author & Speaker

Slide 3

About Egeniq
Mobile Development Knowledge Distributed

Slide 4

Trust The Device?

Slide 5

Your phone knows things your friends don’t

Slide 6

What your phone knows:
‣ Where you are
‣ Time & Date
‣ Orientation & Position
‣ Who you call

Slide 7

What your phone knows:
‣ Where you are
‣ Time & Date
‣ Orientation & Position
‣ Who you are
‣ Who your wife is
‣ Your sister’s birthday
‣ Where your wife is
‣ Where you work
‣ Who you call
‣ Who emails you
‣ Who your friends are
‣ What you like
‣ Contact details

Slide 8

Privacy Policies

Slide 9

PlaceRaider
Source: http://www.technologyreview.com/view/429394/placeraider-the-military-smartphone-malware/

Slide 10

Smartphone as an eavesdropping device
Source: http://www.switched.com/2011/01/20/ralf-philipp-weinmann-turns-smartphone-hack-eavesdropping-device/

Slide 11

Banks use advanced privacy protection
Picture taken from: http://systemato.com/2012/08/my-6-favourite-android-apps/

Slide 12

... but is app protection sufficient?
Source: http://www.zdnet.com/mind-hackers-could-get-secrets-from-your-brainwaves-7000003267/

Slide 13

Actual Incidents

Slide 14

Incidents
‣ iPhone Location Tracking (2011)
  • http://www.nytimes.com/2011/04/28/technology/28apple.html?_r=2&
  • Accident
‣ Path Address Book Upload Controversy (2012)
  • http://www.theverge.com/2012/2/8/2785217/path-ios-address-book-upload-ceo-apology
  • Naivety, good intentions
‣ Google Play Malware ‘grand theft auto’ (2012)
  • http://www.informationweek.com/security/attacks/more-android-malware-pulled-from-google/240003514?itc=edit_in_body_cross
  • Bad intentions

Slide 15

Potential Threat: Free Apps

Slide 16

“WAKE UP LITTLE PIGGIES!!”
Source: http://geekandpoke.typepad.com / http://www.l-i-n-k-e-d.com/no-free-lunch-except-for-bacon/

Slide 17

Potential Threat: Single Sign On

Slide 18

Apps often prefer Social Login

Slide 19

SSO means: 3 way relationships
‣ Some Game
‣ Identity Provider

Slide 20

SSO means: 3 way relationships
‣ Some Game
‣ Identity Provider
‣ Access to your Facebook, Twitter data
‣ Access to your game data - and your friends’ data - and other app data
‣ Easier login, Access to your friends

Slide 21

Thank you! Questions?
http://www.egeniq.com [email protected] @egeniq
http://www.egeniq.com [email protected] @ijansch