Overview
Explore a cutting-edge approach to detecting privacy data leaks in Android applications in this 30-minute Black Hat conference talk. Delve into the challenges of privacy data protection in regions with strict regulations like GDPR. Learn how to hook system-level functions used for TCP, OpenSSL, and cipher methods to obtain network traffic and encrypted data, enabling the decryption of TLS traffic and automatic detection of privacy data transmission behaviors. Discover research findings on hook points, TCP-TLS traffic decryption, and HTTP/2 header decoding. Gain insights into improving automated analysis tools for privacy compliance testing. Presented by security experts from OPPO and Huazhong University of Science and Technology, this talk offers valuable knowledge for manufacturers and developers concerned with privacy protection and regulatory compliance in Android app development.
Syllabus
Privacy Detective: Sniffing Out Your Data Leaks for Android
Taught by
Black Hat