Classroom Contents
When Geo Goes Wrong - A Case Study of Geolocation Vulnerabilities in Mobile Apps
- 1 Intro
- 2 GEOLOCATION IN MOBILE APPS incorporating geolocation is the norm
- 3 How is GEOLOCATION ACCOMPLISHED (IOS)? using the Core Location Manager
- 4 GEOLOCATION (i)OS LEVEL PROTECTIONS os-level alerts
- 5 GEO CAN 'LEAK' IF THE APPLICATION IS BUGGY ...bad for users!
- 6 THEY KNOW YOUR LOCATION
- 7 COMMON CLASSES OF GEO BUGZ can compromise a user's physical location
- 8 INSECURE NETWORK COMMS
- 9 OVER PRECISE LOCATION
- 10 USER INTERFACE
- 11 EXAMPLE OF GEO BUGS buggy apps that compromised a user's physical location
- 12 STARBUCKS overpriced coffee, plus a shot of geo tracking
- 13 WHISPER the safest place on the internet - NOPE
- 14 TINDER precise geo of nearby users, allowed tracking
- 15 ANGRY BIRDS ... they are watching you play
- 16 GRINDR'S PREVIOUS ISSUES Those who cannot learn from history are doomed to repeat it
- 17 LACK OF SSL PINNING the app does not pin its certs
- 18 REPORTING OF PRECISE GEO
- 19 LOCATION SPOOFING can spoof your location as much as you want
- 20 WIDE-OPEN APIS unauthenticated, unlimited access to APIS
- 21 'BROKEN' UI LEVEL LOGIC what you see/say isn't what you get
- 22 DISCLAIMER our goal was to help Grindr understand the issues
- 23 TRILATERATION determine absolute location from relative distances
- 24 USER LOCATION so let's map some users
- 25 IDENTIFYING USERS it'd be trivial to reveal anonymous users' identities
- 26 GRINDR RESPONSE fixes & current issues
- 27 QUESTIONS & ANSWERS feel free to contact us any time!