Explore the world of third-party app analytics tools and their impact on user privacy in this eye-opening Security BSides London talk. Delve into the growing trend of app developers utilizing analytics SDKs like GlassBox, AppSee, Testfairy, and UXCam to gain insights into user behavior, crashes, and bugs. Examine the privacy concerns surrounding 'Session Replay' technology, which can record sensitive information such as login credentials and financial data. Learn about in-depth analyses of popular apps, uncovering various methods used to record user screens and sessions on both iOS and Android platforms. Discover static and dynamic techniques for identifying Session Replay capabilities in apps, and understand advanced device fingerprinting methods employed at hardware, OS, and application levels. Gain valuable insights into how app developers and third-party analytics services can potentially profile and attribute users by correlating this information with user identities.
Overview
Syllabus
Introduction
Session Replay
User Expectations
Air Canada Incident
SDKs
Taught by
Security BSides London