May 20, 2014 at 6:30 PM
ISSA National Capital Chapter and OWASP Washington DC Chapter
How To Find Mobile Internet Love (Securely)
by Jack Mannino and Abdullah Munawar
As mobile dating applications grow in popularity, so does our interest in the security posture behind them. There are a vast number of mobile dating applications available for use today by anyone with a smart phone. We wanted to take a look at numerous features within these apps to determine the good, the bad, and the ugly.
We will cover popular features such as location-based services, analytics, sharing of information, in-app purchasing, and any other features we discover to be interesting. We will analyze the type of personal data being stored within these applications, communication channels used to transmit information, hardware interaction with the application, and interaction with other applications on the device. We will answer the big questions posed by those who use these apps or want to use these apps: Are these applications disclosing sensitive information? How private is the communication between me and another user? How can I be sure my data is being protected?
This talk will feature highlights from popular, obscure, and scary dating applications to answer a simple question: “Can you find love on the Internet without having your personal data exposed?”
Jack Mannino is an Application Security expert with over a decade of experience building, breaking, and securing into complex systems. Jack is Co-Founder and CEO of nVisium, while also leading research and development initiatives. With experience developing in Java, Objective-C, and C#, he performs risk assessments and penetration tests for Fortune 500 companies and government agencies. Jack also founded and leads the OWASP Mobile Application Security Project, which is a global initiative to build secure development standards for mobile. He is an active Android security researcher with a keen interest in large-scale security analysis.
Abdullah Munawar is an Application Security consultant at nVisium who specializes in mobile application testing and ripping apart new things. With over 7 years of experience, Abdullah previously worked on the security teams at financial and aviation organizations. Abdullah attempts humor on a daily basis and succeeds most of the time, every time.