Investigating Privacy Issues on Mobile Platforms • Felix Krause • GOTO 2022

This presentation was recorded at GOTO Copenhagen 2022.

Felix Krause - Creator of Fastlane & Security & Privacy Researcher (@krausefx)

ORIGINAL TALK TITLE
Finding, Investigating, Report & Publishing Privacy Issues on Mobile Platforms

ABSTRACT
Have you used a system API, like accessing the phone’s camera, accelerometer data or photo library, and noticed how you may get access to more information than you maybe should have? How can you bend the permissions to cause the highest amount of potential damage? [...]

TIMECODES
00:00 Intro
01:38 In-app browsers
02:33 Why I looked into it
04:43 Write a post
05:19 Responsible disclosure
06:45 Public comments
07:54
09:19 What else?
14:06 Hijacking SDKs
17:56 “Just don’t use the app”
18:20 It’s our job to protect the user
19:46 Think about the worst case
20:14 Build it out
20:34 Responsible disclosure
21:20 How to go public?
22:33 Why your report might get ignored
23:04 Why going public is important
24:01 Go for it
24:42 Outro

RECOMMENDED BOOKS
Nishant Bhajaria • Data Privacy
Michael Bazzell • Extreme Privacy
Liz Rice • Container Security
Liz Rice • Kubernetes Security
Aaron Parecki • OAuth 2.0 Simplified
Aaron Parecki • OAuth 2.0 Servers
Richer & Sanso • OAuth 2 in Action
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0