How Private Are Android Apps Really

In this project we’ll look at the data shared by a set of similar apps on Android phones with a view to assessing their privacy. Typically there have been no measurement studies of the actual data shared by apps “in the wild”. Since network traffic is encrypted, the project will involve some “white hat” hacking using a rooted phone running Frida and a man-in-the-middle attack to defeat the encryption (we’ll provide the phone, no need to use your own). Since it will likely involve a bit of reverse engineering to bypass defences inside the apps, the project would best suit a good programmer familiar with Java and Android. If you have a preference as to apps to study then we can look at the apps you’re interested in; otherwise the following sets of apps will probably be interesting to look at:

  1. Shopping apps popular in Europe, e.g. Amazon, Zalando, Shein, Temu.
  2. Dating apps e.g. Tinder.
  3. App stores, e.g. Google Play, Apple app store. Preliminary work suggests that both the Google Play store app and Apple app store track user interactions without asking for consent or providing an opt-out, but a more systematic investigation is needed.

To give you an idea of what’s involved, some previous examples of this type of analysis applied to COVID contact tracing apps are:

  1. Web Browser Privacy: What Do Browsers Say When They Phone Home?
  2. Contact Tracing App Privacy: What Data Is Shared By Europe’s GAEN Contact Tracing Apps
  3. Contact Tracing App Privacy: What Data Is Shared By Non-GAEN Contact Tracing Apps