Ruhr-Uni-Bochum

Martina Lindorfer (TU Wien)

"Shedding Light on Data Collection and Security Issues in Modern Apps"

Copyright: TU Wien Informatics

When: 23.04.2024, 14:00
Where: Building TZR ("MB"), Level 1, Room S-MO-104, Universitätsstraße 142, 44799 Bochum
Online participation: Zoom webinar

Abstract: Mobile phones are an integral part of every aspect of our daily lives and we use them, through a plethora of apps, for everything from communicating, to shopping and banking, to controlling the devices in our smart homes. With the goal of maximizing user experience, apps collect and process an increasing amount of private information. With the rising popularity of IoT devices, we often give up even more private information about our daily lives and habits for the sake of convenience.

This private information has become a commodity: tech monopolies and shadow brokers collect and aggregate data, not only to provide tailored content, but also for market research and targeted advertising. This process is far from transparent and our data is not always in trustworthy and secure hands. Even developers with the best intentions are faced with supply chain issues when integrating libraries, external tools, and services. While existing legislation like the GDPR, CCPA, and upcoming ones like the Cyber Resilience Act aim to protect consumers against privacy invasions and insecure products, the required techniques for automated technical analyses for their enforcement remain an open challenge.

In this talk, I will present our ongoing research on developing scalable static and dynamic program analysis techniques for modern mobile and web-based apps, including their integration with IoT devices, for large-scale measurements to enable transparency and accountability in the way apps process and share private information. I will also discuss how, while recent privacy developments by Apple and Google seemingly increase transparency, there remains a lack of enforcement and accountability when it comes to how apps handle our data. Finally, I will touch on how new app programming paradigms break expected security and privacy guarantees.

Bio: Martina Lindorfer is a tenured Associate Professor at TU Wien, which she joined as an Assistant Professor at the end of 2018, as well as a key researcher at SBA Research, the largest information security research center in Austria. She received her PhD from TU Wien in 2016 and spent two years as a postdoc at the University of California, Santa Barbara. Her research and outreach activities have been recognized with the ERCIM Cor Baayen Young Researcher Award, the ACM CyberW Early Career Award for Women in Cybersecurity Research, as well as the Hedy Lamarr Award for special achievements in the field of modern information technologies from the City of Vienna.

Her research focuses on applied systems security and privacy, with a special interest in automated static and dynamic analysis techniques for the large-scale analysis of applications for malicious behavior, security vulnerabilities, and privacy leaks. Building on her background in malware analysis, she currently focuses on the analysis of mobile apps to enable transparency and accountability in the way they process and share private and sensitive information. For example, some of the techniques she develops help uncover new and unexpected ways in which apps are violating users' privacy expectations.