Overview
Explore the challenges and solutions for monitoring information collection behaviors of third-party SDKs in mobile applications. Learn about a static taint analyzer developed to address privacy compliance issues, based on Facebook's Mariana Trench tool. Discover how this analyzer achieves high accuracy in identifying sensitive information calls and network interfaces, overcoming the challenge of asynchronous invocation. Gain insights into the application of this tool on mainstream apps, revealing undisclosed user information collection by embedded SDKs. Understand the importance of open-sourcing such tools to benefit app developers in maintaining privacy policy compliance and protecting user data.
Syllabus
#HITB2022SIN Information Collection Of Third-party SDKs - W. Kailong W. Zeyu B. Guangdong & Z. Qing
Taught by
Hack In The Box Security Conference