Sign In

Communications of the ACM

ACM TechNews

Researchers Develop System to Control Information Leaks From Smartphone Apps

A research team has found leakage of users personal identifying information from apps on mobile devices, including passwords.

A research team at Northeastern University has developed the ReCon cloud-based system to detect leaks of users' personal identifying information, including passwords, from mobile devices, and provide the tools to stop them.

Credit: Matthew Moodono/Northeastern University

Northeastern University researchers say they have found "extensive" leakage of users' information into network traffic from apps on mobile devices, including iOS, Android, and Windows phones.

However, the researchers say they also found a way to stop the flow.

They have developed ReCon, a cloud-based system that detects leaks of personally identifiable information, alerts users to those breaches, and enables users to control the leaks by specifying what information they want blocked and from whom.

The researchers studied 31 mobile device users who used ReCon for a period of one week to 101 days and then monitored their personal leakages through a ReCon secure Web page. The researchers found 165 cases of credentials being leaked in plaintext. In addition, of the top 100 apps in each operating system's app store that participants were using, more than 50 percent leaked device identifiers, more than 14 percent leaked actual names or other user identifiers, between 14 and 26 percent leaked locations, and three leaked passwords in plaintext.

"Our system is designed to use cues in the network traffic to figure out what kind of information is being leaked," says Northeastern professor David Choffnes.

From Northeastern University News
View Full Article


Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


No entries found