Taking Responsibility for Someone Else’s Code: Studying the Privacy Behaviors of Mobile Apps at Scale

Details

Date and Time

April 20, 2021 @ 1:00 pm - 2:00 pm EDT

Event Category

Web Conference

Organizer

Amelia Ghidotti

Contact

Lisa O'Connell

Overview

Modern software development has embraced the concept of “code reuse,” which is the practice of relying on third-party code to avoid “reinventing the wheel” (and rightly so). While this practice saves developers time and effort, it also creates liabilities: the resulting app may behave in ways that the app developer does not anticipate. This can cause very serious issues for privacy compliance: while an app developer did not write all of the code in their app, they are nonetheless responsible for it. In this talk, I will present research that my group has conducted to automatically examine the privacy behaviors of mobile apps vis-à-vis their compliance with privacy regulations. Using analysis tools that we developed and commercialized (as AppCensus, Inc.), we have performed dynamic analysis on hundreds of thousands of the most popular Android apps to examine what data they access, with whom they share it, and how these practices comport with various privacy regulations, app privacy policies, and platform policies. We find that while potential violations abound, many of the issues appear to be due to the (mis)use of third-party SDKs. I will provide an account of the most common types of violations that we observe and how app developers can better identify these issues prior to releasing their apps.

Moderator

Janelle Hsia – Principal, Privacy SWAN Consulting

Janelle Hsia is a trusted advisor for strategic and tactical decision-making within organizations of all sizes. She focuses on privacy and security while bringing a diverse background in leadership, business, security, privacy, and technology spanning over 20 years. Her experience integrating privacy with security and technology helps companies operationalize their privacy and security requirements. She creates comprehensive and tailored data governance programs for SMBs with a global presence. Her passion is privacy and data protection training and awareness. This fall, she is teaching a class on Privacy and Technology at the University of Colorado in Boulder. She is an ISSA Privacy SIG Tri-Chair and one of our 2022 Volunteers of the Year. She is a member of the IEEE Digital Privacy Working Group and an IAPP Official Training Partner. She holds the following certifications: CIPM, CIPT, CIPP/US/E, CISA, PMP, and GSLC.

Speaker

Serge Egelman – CTO, AppCensus

Serge Egelman is the Research Director of the Usable Security and Privacy group at the International Computer Science Institute (ICSI), which is an independent research institute affiliated with the University of California, Berkeley. He is also CTO and co-founder of AppCensus, Inc., which is a startup that is commercializing his research by performing on-demand privacy analysis of mobile apps for developers, regulators, and watchdog groups. He conducts research to help people make more informed online privacy and security decisions, and is generally interested in consumer protection. This has included improvements to web browser security warnings, authentication on social networking websites, and most recently, privacy on mobile devices. Seven of his research publications have received awards at the ACM CHI conference, which is the top venue for human-computer interaction research. His research on privacy on mobile platforms has received the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies and the USENIX Security Distinguished Paper Award, has been cited in numerous lawsuits and regulatory actions, and has been featured in the New York Times, Washington Post, Wall Street Journal, Wired, CNET, NBC, and CBS. He received his PhD from Carnegie Mellon University and has previously performed research at Xerox PARC, Microsoft, and NIST.

ISSA Webinars and Conference series cover all the continuing education credits needed to maintain your cyber security certifications (CPEs, CEUs, ECE, etc.). Each hour is equal to one continuing education credit. Certificates of completion are available upon request after completion. For instructions, click here.