Explore privacy issues on mobile platforms in this 25-minute conference talk from GOTO Copenhagen 2022. Dive into the world of in-app browsers, system API vulnerabilities, and potential privacy breaches. Learn about responsible disclosure, public reporting, and the importance of protecting users. Discover techniques for investigating and documenting security concerns, including the creation of inAppBrowser.com. Gain insights on hijacking SDKs, addressing worst-case scenarios, and navigating the challenges of public disclosure. Understand why some reports may be ignored and the significance of raising awareness about privacy issues. Leave inspired to contribute to mobile platform security and user protection.
Finding, Investigating, Report and Publishing Privacy Issues on Mobile Platforms
Overview
Syllabus
Intro
In-app browsers
Why I looked into it
Write a post
Responsible disclosure
Public comments
inAppBrowser.com
What else?
Hijacking SDKs
"Just don't use the app"
It's our job to protect the user
Think about the worst case
Build it out
Responsible disclosure
How to go public?
Why your report might get ignored
Why going public is important
Go for it
Outro
Taught by
GOTO Conferences
