Completed
USER LOCATION so lets map some users
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
When Geo Goes Wrong - A Case Study of Geolocation Vulnerabilities in Mobile Apps
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 GEOLOCATION IN MOBILE APPS incorporating geolocation is the norm
- 3 How is GEOLOCATION ACCOMPLISHED (IOS)? using the Core Location Manager
- 4 GEOLOCATION (1)OS LEVEL PROTECTIONS os-level alerts
- 5 GEO CAN 'LEAK' IF THE APPLICATION IS BUGGY ...bad for users!
- 6 THEY KNOW YOUR LOCATION
- 7 COMMON CLASSES OF GEO BUGZ can compromise a user's physical location
- 8 INSECURE NETWORK COMMS
- 9 OVER PRECISE LOCATION
- 10 USER INTERFACE
- 11 EXAMPLE OF GEO BUGS buggy apps that compromised a user's physical location
- 12 STARBUCKS overpriced coffee, plus a shot of geo tracking
- 13 WHISPER the safest place on the internet - NOPE
- 14 TINDER precise geo of nearby users, allowed tracking
- 15 ANGRY BIRDS ... they are watching you play
- 16 GRINDR'S PREVIOUS ISSUES Those who cannot learn from history are doomed to repeat it
- 17 LACK OF SSL PINNING the app does not pin its certs
- 18 REPORTING OF PRECISE GEO
- 19 LOCATION SPOOFING can spoof your location as much as you want
- 20 WIDE-OPEN APIS unauthenticated, unlimited access to APIS
- 21 'BROKEN' UI LEVEL LOGIC what you see/say isn't what you get
- 22 DISCLAIMER our goal was to help Grindr under the issues
- 23 TRILATERATION determine absolute location from relative distances
- 24 USER LOCATION so lets map some users
- 25 IDENTIFYING USERS it'd be trivial to reveal anonymous user's identities
- 26 GRINDR RESPONSE foxes & current issues
- 27 QUESTIONS & ANSWERS feel free to contact us any time!