Overview
Explore the critical issue of data leakage in cloud-based mobile applications through this insightful conference talk presented at the 2019 IEEE Symposium on Security & Privacy. Delve into the root causes of significant data leaks, including lack of authentication, misuse of keys, and misconfiguration of user permissions. Learn about LeakScope, an automated tool designed to identify potential data leakage vulnerabilities in mobile apps by analyzing cloud API usage. Discover the alarming findings from an evaluation of over 1.6 million Google Play Store apps, revealing thousands of vulnerable app servers managed by major cloud providers. Gain valuable insights into the importance of responsible disclosure and the ongoing efforts to patch these vulnerabilities in collaboration with cloud service providers and mobile app developers.
Syllabus
Why Does Your Data Leak? Uncovering the Data Leakage in Cloud from Mobile Apps
Taught by
IEEE Symposium on Security and Privacy