Network Forensics Analysis of iOS Social Networking and Messaging Apps

摘要

What type of user data are the mobile applications sending? With the plethora of mobile applications available on the online stores, most of the users are unaware about the security risks they may pose. These include breaching end user's privacy by sharing unencrypted private and sensitive data to app's own server or third parties without user's approval. In this research, we tested 70 iOS applications dynamically through network penetration. Out of these, 20 apps were popular social networking and messaging applications. These were analyzed for their runtime behavior and their network traces were used for reconstruction of application layer payload. In about 15 apps out of 20, we were able to trace and reconstruct at least one of the entire message content, user's location, email credentials (including passwords), social networking credentials, profile images or tweeted messages. Apart from that, network traffic of 50 iOS applications was captured to check how end user's data is shared over the network. It was particularly found that many apps share authorized/unauthorized information of app user in unencrypted form. Apart from testing run-time behavior of applications proposed work can be used to warn app developers about unintentional security holes.