Privacy Scores for iOS Apps

ShmooCon XVI - 2020

Presented by: Noelle Garrett
Date: Saturday February 01, 2020
Time: 14:00 - 14:50
Location: Build It!

Privacy scores are a system for rating mobile apps on their use of private data. The source code behind the most popular mobile apps can often be difficult to gain access to. This means that the only information the user has on how their private data is handled by an application is through the vague privacy permissions users can grant. However, users don’t know what the app has been programmed to do with the data it has permissions to access, nor can users see what other information the app has access to without the user’s expressed approval. Using mitmproxy, the network traffic which Apple devices send out and receive can be intercepted and inspected, in order to see what data is being transmitted by different mobile apps. With the captured traffic, privacy scores are assigned to different applications based on four factors critical to measuring privacy.

However, privacy scores are not a complete solution for informing users about the private information their applications are using. The process for monitoring information flowing to/from iOS devices is already becoming thwarted by new techniques. It will only become more difficult for users to monitor the release of their private information as time advances.

Noelle Garrett

Noelle Garrett is a cadet at the United States Military Academy. Noelle is an Information Technology major with a minor in Eurasian studies. She is currently in her senior year at the academy and will become an US Army Cyber officer upon graduation.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats