Presentation is loading. Please wait.

Presentation is loading. Please wait.

App Rights or wrongs ? A look at smartphone apps or: why RTFM* is not just important for geeks and “computer types” * = Read The F+*#ing (or “Fine”) Manual.

Published byPhilomena Hampton Modified over 9 years ago

Similar presentations

Presentation on theme: "App Rights or wrongs ? A look at smartphone apps or: why RTFM* is not just important for geeks and “computer types” * = Read The F+*#ing (or “Fine”) Manual."— Presentation transcript:

1 App Rights or wrongs ? A look at smartphone apps or: why RTFM* is not just important for geeks and “computer types” * = Read The F+*#ing (or “Fine”) Manual 1

2 What I’ll speak about today 1.What are app rights and permissions - the good, the bad and the *OMG* !!!11 2.An overview of Rights (on Android) 3.Why you no RTFMP !?! (read the f…. permissions) 4.Can I haz Cheeseburger Your Phone Contacts? Weighing off risk vs. return. 5.Why you no RTFMT&C !?! (read the f… terms & conditions) 6. All your BaseEverything Are Belong To UsUSA! 7.Helppp!! 2

3 App rights (also called: permissions) – A horrible beauty we’ve made… Every smartphone is a miniature computer with sensors (GPS, gyrometres, etc)  On the internet we all speak English Chinese French TCP/IP *  Many of the vulnerabilities of TCP on a computer apply also to smartphones  But infinitely worse are unreasonable permissions you grant to apps App rights are not evil from birth – they are limits to what apps can or cannot do →Rights allow software to access either the hardware features of a phone, such as the camera, a user’s personal information (calendar, contacts) or the phone’s GPS coordinates This way information, can be combined with automatic actions. THAT. IS. Beautiful… But if you give too many rights, it’s possible you give away too much about yourself Really nasty, if wrong information is cross-referenced * Sometimes also UDP 3

4 Android OS – Permissions 1/2 4

5 Android OS – Permissions 2/2 5

6 Urgh… that’s a lot of rights 6

7 Before you install: read your rights - do they match the use you think you’ll have for the app? So much “FAIL” that one facepalm just isn’t enough… 7

8 After you install an app: limit rights – you are in control So much “FAIL” that one facepalm just isn’t enough… 8

9 Exercise 1 – Spot the potentially dishonest app 9

10 Does your mother know… … as much about you, as Facebook, Skype and Twitter do? 10

11 Let’s zoom in 11

12 Feeling a bit queasy? Good. ‘Cause there’s more. 12

13 Knowing your Rights? Not enough – The example of the SpotifySpytify Terms & Conditions “ With your permission, we may collect information stored on your mobile device, such as contacts, photos or media files.” “We may also collect information about your location based on, for example, your phone's GPS location or other forms of locating mobile devices (e.g Bluetooth). We may also collect sensor data (e.g., data about the speed of your movements, such as whether you are running, walking, or in transit).” “We may share information with advertising partners in order to send you promotional communications about Spotify or to show you more tailored content, including relevant advertising for products and services that may be of interest to you, and to understand how users interact with advertisements. The information we share is in a de-identified format (for example, through the use of hashing) that does not personally identify you.” WTF? From Spotify’s first try at new Terms & Conditions: So much “FAIL” that one facepalm just isn’t enough… 13

14 Okay. So who else wants my data? 14

15 The Government. It has you. Because Internet. 15

16 The Government. It has you. Because Internet. 16

17 Ok. Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaargh! So what do I do? Check those app permissions If several apps available with the same function, choose the one with fewer rights If an app is for free, it´s likely your data is the true price you pay Read the f+*#ing permissions! Read the Terms & Conditions (and the Privacy Statement, if there is one) Learn how the company behind the app says it will use your data Keep an eye out for changes to the Terms & Conditions Read the f+*#ing conditions! Lock down rights/permissions On iOS: go to Settings > Privacy and turn off as much as you can Yes, give up on a few comforts On Android: consider “CyanogenMod” to limit app access rights Shame privacy violators on the social networks It´s your internet. If you don´t say “no”, the default is “take all my data already!” “The Government” knows maybe. If you let it. 17

18 Ok. Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaargh! So what do I do? Use open-source apps and Encrypt! Encrypt! Encrypt! This, strictly speaking, has nothing to do with app rights/permisssions But is important to protect your privacy DITCH YOUR STANDARD APPS!!! Go to https://prism-break.org/en/ (plus: consider Text Secure / Signal for IM)https://prism-break.org/en/ Go to https://www.eff.org/secure-messaging-scorecardhttps://www.eff.org/secure-messaging-scorecard Come back to Privacy Salon Vulnerabilities in apps or protocols are discovered daily App Rights, T&Cs or shareholdings (!) can change But most importantly 18

19 One Last Thing 19

20 A word about that fingerprint reader… 20

21 A word about that fingerprint reader 21

22 A word about that fingerprint reader 22

23 Thank You 23

Download ppt "App Rights or wrongs ? A look at smartphone apps or: why RTFM* is not just important for geeks and “computer types” * = Read The F+*#ing (or “Fine”) Manual."

Similar presentations

Little Big Brains: Mobile Application Production by: Jose, Francis, Xuong.

Little Big Brains: Mobile Application Production by: Jose, Francis, Xuong.
What is an application?. An application is... An application (or app) is a type of software that allows you to perform specific tasks! Applications for.

What is an application?. An application is... An application (or app) is a type of software that allows you to perform specific tasks! Applications for.
Don’t be bullied, or be a bully.

Don’t be bullied, or be a bully.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
Online Holiday Shopping Brings Great Deals – and Fraud This lesson is part of the iKeepCurrent TM Program, provided by iKeepSafe TM.

Online Holiday Shopping Brings Great Deals – and Fraud This lesson is part of the iKeepCurrent TM Program, provided by iKeepSafe TM.
Skype – Safe, Secure and Legal Tony Brett Deputy Head of Information and Support Group Head of IT Support Staff Services Oxford University Computing Services.

Skype – Safe, Secure and Legal Tony Brett Deputy Head of Information and Support Group Head of IT Support Staff Services Oxford University Computing Services.
Mobile Applications: Changes in social networking and mobile phones By Elias Chesy.

Mobile Applications: Changes in social networking and mobile phones By Elias Chesy.
Android 4.0 ICS An Unified UI framework for Tablets and Cell Phones Ashwin. G. Balani, Founder Member, GTUG, Napur.

Android 4.0 ICS An Unified UI framework for Tablets and Cell Phones Ashwin. G. Balani, Founder Member, GTUG, Napur.
Trends in computing- Mobile phones

Trends in computing- Mobile phones
Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.

Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
Hidden Apps Carrier IQ and Privacy in Mobile Devices.

Hidden Apps Carrier IQ and Privacy in Mobile Devices.
Onetouch Cloud Backup.

Onetouch Cloud Backup.
Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.
How the Internet Works Jon Crowcroft,

How the Internet Works Jon Crowcroft,
Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.

Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.
Shala Sylvester, Dejah Sanford, Stephanie Hicks, Tierra Beason.

Shala Sylvester, Dejah Sanford, Stephanie Hicks, Tierra Beason.
System Components Hardware overview for Apollo ACS.

System Components Hardware overview for Apollo ACS.
Scams Stevie's Scam School videos

Scams Stevie's Scam School videos
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

Similar presentations

Ads by Google