Conference: Mobile applications and privacy

🕒 10 month(s) ago

Hello!

Here are two events to get the year off to a good start.

The association 42l invites you to discover the Exodus Privacy association through a conference and a workshop held by two of its members.

Exodus Privacy is a 1901 law association run by hacktivists.

They're developing a platform (named εxodus) to analyze the respect of privacy by Android applications. This platform provides the public with reports listing, among others, trackers embedded in Android applications.

During this conference, Exodus will present its tools as well as the issues for our privacy that the trackers that have invaded our smartphones represent.

This conference will be hosted by:

• MeTaL_PoU, president of Exodus Privacy and creator of educational content
• pnu_, in charge of the development of εxodus.

The conference will take place on Saturday, January 18th at 14 p.m. and will last one hour.

Find the recording of the talk on our PeerTube channel or Studios 42's YouTube channel.

Slides available here

Attending the conference as an outsider

Aren't you a student at the school? That's no problem, you can still attend. That said, please follow these instructions:

• You must notify us of your presence (via Mastodon or by email for the moment);
• You must give at least 12 hours notice ;
• You must be present in front of the school at least 15 minutes before the start of the event.

We can welcome a maximum of 10 external people.

Workshop: What's hidden in your phone

Is your mobile phone intrusive?

Following its conference, the Exodus team will present the PiRogue, a device based on Kali Linux that facilitates the interception and analysis of network traffic, in order to better understand how Android applications collect and share your personal data.

It will also be an opportunity to discover practices and tools that can improve the protection of your privacy.

Come with your phone to take part in the experience!

For space reasons, the workshop is restricted to 42 school students and will be held January 18th from 3:30 to 4:30 p.m. (Valhalla)

Summary of the workshop

Some notes taken during the workshop by Brume, below :

After a quick round table discussion where students are asked to share their favourite applications, Exodus team introduces us the PiRogue. This is a free/libre tool that emits an open wifi network and intercepts all DNS queries made on this network.

Students connect to the wifi network through their mobile phone and we watch everyone's DNS queries on a screen. There are a lot of queries to Google or Facebook. For the rest of the workshop, we use a test phone with Deliveroo as the only application installed. We perform a dynamic analysis of Deliveroo live.

Thanks to PiRogue, we can intercept all GET and POST requests, deciphered. We can thus see that the screen resolution, the ad ID, the phone brand, the SIM card brand, the Android ID as well as the IP are sent to Facebook as soon as the application is launched.

The workshop ends with a few questions from the students.

See you soon,

N&B