Attorneys are often shocked at how much deeply probative evidence, both live and deleted, can be data mined from today’s smart phones and tablets. With the surging adoption of mobile apps for communications, commerce, navigation, and other capabilities, new issues with data security and privacy are developing. This session will explore new evidence modalities, relevance, admissibility, and topical issues with mobile apps that impact investigations and litigation.
There's an App for That: Digital Forensic Realities for Mobile App Evidence, Security and Privacy
1. Mobile Forensics World, June 3, 2013
John J. Carney, Esq.
There’s an App for That: Digital Forensic Realities for Mobile App Evidence, Security and Privacy
3. Generations of App Computing
When   Generation          Companies         Languages
1960s  Mainframes          IBM, Cray         Cobol/Fortran
1970s  Minicomputers       DEC, Wang         PL/I, C
1980s  Personal Computers  Microsoft, Apple  C++, VB
1995   Internet Computing  Google, Yahoo     Java, C#, PHP
2005   Mobile Computing    Apple, Google     Obj-C, Ruby
4. Mobile App Evidence Realities
■ “There’s An App for That”
■ App Platforms
■ App Families
■ App Privacy
■ App Data Security
■ App Plug-in Development
■ App Futures
7. “There’s An App for That”
■ Small, downloadable chunks of software
■ Access to info in neatly packaged format
■ Simplicity, cheapness, instant gratification
■ Intuitive because they rely on the phone’s sensors
■ Accelerometers, gyroscopes, inbuilt GPS
■ Don’t need constant connection to Internet
■ Launch faster than PC software
■ Top ten are 43% of usage; top fifty are 61%
11. Mobile Apps – Families to Watch
■ Mobile Messaging
■ Mobile Messaging (Retention / Expiration)
■ Personal Navigation (GPS)
■ Payment
■ Social Media
■ Photo Sharing
■ Document Creation
■ Web Mail
■ Productivity
■ Storage/Backup
■ Spyware
18. iPhone Personal Navigation Apps
■ Garmin StreetPilot Onboard
■ Magellan RoadMate
■ TomTom App
■ NAVIGON MobileNavigator
■ Google Maps
■ Nokia Maps
■ CoPilot Live
■ MotionX GPS Drive
■ MapQuest Navigator
■ TeleNav
■ AT&T Navigator
19. Android Personal Navigation Apps
■ Google Maps
■ Nokia Maps
■ NAVIGON MobileNavigator
■ CoPilot Live
■ MapQuest Android Nav App
■ TeleNav
■ Waze – Social GPS
■ Sygic GPS Navigation
■ iGO My Way
23. Mobile Messaging Apps
• Make That 20 Billion Messages
• Popular “SMS Killers”
• Use Internet and App Servers
• Text Free from Costs & Quotas
• Multi-platform for Many Devices
• Global to Bypass Country Limits
24. Mobile Messaging Apps
• Evidence Recovery Challenging
• Unaware of Exploding Use in US
• Subpoena or Court Order Issues
• Not Easily Data Mined by Expert
• Advanced Decoding & Tools Required to Recover & Produce
37. App Privacy
“Get It Right From The Start”
■ Privacy Recommendations from the FTC
■ Build Privacy into Apps
■ Practice “Privacy by Design”
■ Limit Information Collected
■ Securely Store What Held
■ Safely Dispose of Information
■ Use App Defaults Users Expect
■ Do Mobile Apps Get It Right?
38. App Privacy
PiOS: Detecting Privacy Leaks in iOS Apps
■ Academics Published Study Using Novel Analysis Tool
■ Tested 1,400 iPhone Apps for Privacy Threats
■ 825 Free Apps Vetted by Apple and Available through AppStore
■ 582 Jailbroken Apps from Cydia (not associated with Apple)
■ Sensitive Information Sources Giving Rise to Privacy Leaks:
39. App Privacy
PiOS: Detecting Privacy Leaks in iOS Apps
■ Did the 1,400 iOS Apps Get It Right?
■ Most Leaks Expose the Unique DeviceID, Which Allows Hackers to Create Detailed Profiles of Users’ App Preferences and Usage Patterns
40. App Data Security
Critical Role of Mobile Apps Data Security
Protection Required:
■ Personally Identifiable Information (PII)
■ Personal Health Information (PHI) - HIPAA
■ Consumer Personal Nonpublic Information – GLBA
■ Student Records – FERPA
■ Security Credentials
■ Trade Secrets
■ Confidential Information
■ Personal Identity and Reputation
“68% of mobile device owners who have not adopted financial apps are holding back due to security fears.” – Mobile Banking, Consumer Security Practices and the Growing Risks to Banks, Research Report, Metaforic, 2012
41. App Data Security
Study and Findings: Sensitive User Data Stored on Mobile Devices
■ 100 Popular Consumer Apps Tested
■ iPhone and Android Platforms
■ Finance, Social Media, Productivity, Retail Apps Segments
■ Download, Install, Populate Apps with Marked Data
■ Username, Password, Private App Data
■ Analyze Mobile Device Forensically for Data Exposure
■ Rate Results on Pass/Warn/Fail System
■ Expert Judgments Based On:
■ Security Best Practices, Likely User Expectations, Quantity and Specific Nature of Data Exposed
42. App Data Security
Study and Findings: Sensitive User Data Stored on Mobile Devices
■ Overall Only 17% of Apps Pass
43. App Data Security
Study and Findings: Sensitive User Data Stored on Mobile Devices
■ 44% of Financial Apps Pass and Are Most Secure
■ 74% of Social Media Apps Fail and Are Least Secure
■ No Social Media Apps Pass App Data Test
■ 4 Social Media Apps Stored Device Passwords in Clear Text
■ Only 3 Productivity Apps Pass
■ 11 Productivity Apps Failing are E-mail Apps
■ No Retail Apps Pass
■ Overall Results:
47. App Plug-in Development
Case Study in App Forensics Development
• App Chosen Is “Burner” – Disposable Phone Numbers
• Family: Mobile Messaging App – Retention / Expiration
• By Ad Hoc Labs, Inc.
• TIME Magazine’s Top 10 Apps of 2012
• Featured in Wired and Engadget
48. Plug-in Development Environment
• Goals
• Least Intrusive (Phone Handset Experimentation)
• Portable
• Standard
• Cost Effective
• Windows7 VMware Virtual Machine
• Android SDK Emulator Creates Virtual Test Phones
• Supports SMS, Voice, Voice Messages, VOIP
• APK App Downloader for Chrome to Download Apps from Google Play Store
• Android Debug Bridge (ADB) to Install Apps
• IDE – Vim, Eclipse, Notepad++
49. Plug-in Decoding and Development
• App Decoding Using
• UFED Physical Analyzer
• UFED Plug-ins – YAFFS2, Android Content, SmartFat, ExtX
• Viewers – SQLite, XML Preference Files, Text
• Diff
• Plug-in Development Using
• Iron Python Shell
• Method Auto-completion
• Browse Loaded Objects
• Iron Python Libraries for Scripting
• UFED Plug-in Packager
• Converts Python Script into Plug-in
51. Plug-in Results
• Only Passwords Are Encrypted
• App Data Stored in SQLite Database Openly & Unprotected
• Until Phone Number Expires and App Data Wiped
Lessons
• Examiners Can Decode Apps
• Examiners Can Author App Plug-ins
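The slide-41 methodology (populate an app with marked data, image the device, look for that data in the clear, rate Pass/Warn/Fail) and the slide-49/51 decoding work (SQLite viewer, XML preference files, a Python plug-in) both come down to the same examiner task, shown here as one added Python example that is not the presenter's plug-in or any UFED code. The app data tree, package names, preference keys and table are all constructed; the layout (shared_prefs/*.xml and databases/*.db under a per-package directory) mirrors the Android convention. Two constructed apps are scanned: one stores the marked password in the clear, the other stores only a salted hash of it while leaving the username and private app data unprotected, the "only passwords are encrypted" pattern reported on slide 51.

```python
"""Scan an extracted app data directory for marked test data stored in the
clear and rate the app Pass / Warn / Fail.

Added example modelled on the slide-41 methodology; apps, file names, keys
and schema are constructed and belong to no real app."""
import hashlib
import os
import sqlite3
import tempfile
import xml.etree.ElementTree as ET

# Marked data the tester typed into the app before imaging (constructed).
MARKED = {
    "username": "marked.user@example.com",
    "password": "Marked-Pass-2013!",
    "app_data": "MARKED private note 4711",
}


def build_sample_app(root, pkg, clear_password):
    """Write a hypothetical Android-style data tree for one app.

    shared_prefs/login.xml holds the login, databases/notes.db holds user
    content. With clear_password=False the app keeps only a salted SHA-256 of
    the password, i.e. the 'only passwords are encrypted' pattern."""
    app = os.path.join(root, pkg)
    os.makedirs(os.path.join(app, "shared_prefs"))
    os.makedirs(os.path.join(app, "databases"))
    pw = MARKED["password"]
    if not clear_password:
        pw = hashlib.sha256(b"constructed-salt:" + pw.encode()).hexdigest()
    prefs = ET.Element("map")
    ET.SubElement(prefs, "string", name="username").text = MARKED["username"]
    ET.SubElement(prefs, "string", name="password").text = pw
    ET.ElementTree(prefs).write(os.path.join(app, "shared_prefs", "login.xml"))
    conn = sqlite3.connect(os.path.join(app, "databases", "notes.db"))
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO notes (body) VALUES (?)", (MARKED["app_data"],))
    conn.commit()
    conn.close()
    return app


def strings_in_xml(path):
    """Every non-empty text node in a preference file."""
    for el in ET.parse(path).iter():
        if el.text and el.text.strip():
            yield el.text.strip()


def strings_in_sqlite(path):
    """Every TEXT cell in every table, like a generic SQLite viewer."""
    conn = sqlite3.connect(path)
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        for row in conn.execute(f'SELECT * FROM "{table}"'):
            for cell in row:
                if isinstance(cell, str):
                    yield cell
    conn.close()


def find_marked(app_dir, marked=MARKED):
    """Map each marked label found in the clear to the artifact holding it."""
    hits = {}
    for dirpath, _, files in os.walk(app_dir):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.endswith(".xml"):
                values = list(strings_in_xml(path))
            elif name.endswith(".db"):
                values = list(strings_in_sqlite(path))
            else:
                continue
            for label, secret in marked.items():
                if any(secret in v for v in values):
                    hits.setdefault(label, os.path.relpath(path, app_dir))
    return hits


def rate(hits):
    """Slide-41 style judgment: a clear-text password fails outright, any
    other marked data in the clear is a warning, nothing found passes."""
    if "password" in hits:
        return "FAIL"
    if hits:
        return "WARN"
    return "PASS"


def run_demo():
    """Build and scan the two constructed apps; returns {pkg: (rating, labels)}."""
    root = tempfile.mkdtemp()
    results = {}
    for pkg, clear in (("com.example.social", True), ("com.example.msgapp", False)):
        hits = find_marked(build_sample_app(root, pkg, clear))
        results[pkg] = (rate(hits), sorted(hits))
    return results


if __name__ == "__main__":
    for pkg, (rating, labels) in run_demo().items():
        print(pkg, rating, labels)
```

The scanner deliberately treats a hashed password as "not found": the marked value is searched as a substring, so a proper one-way transform passes that check while a Base64 or reversible encoding of the same string would not. An examiner reading the slide-51 result ("only passwords are encrypted, app data stored in SQLite openly") would see exactly the WARN outcome the second constructed app produces.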
53. Mobile App Futures
■ Wearables
■ Smart Watches
■ Sony SmartWatch – >200 Android Apps Available
■ Pebble Watch – Apps Platform
■ i’m Watch – Android Apps
■ MetaWatch STRATA and FRAME – iOS Apps
■ WIMM One – Android Apps
■ Apple iWatch – iOS Apps (presumably)
54. Mobile App Futures
■ Wearables
■ Google Glass – Apps Platform is “Glassware”
■ Facebook
■ Twitter
■ Tumblr
■ Evernote
■ Elle Magazine
■ CNN
■ Ice Breaker