We're pleased to announce that the Wall Street Journal has published the latest in their "What They Know" series. This installment prominently displays the research of EA consultants.
Please have a look at the WSJ's description of our methodology before digging into the feature on wsj.com. They have created some fantastic visualizations of the data leakage which are available on blogs.wsj.com.
EA would like to thank to Mike, Jeremy and Raj at Intrepidus Group. Their open source Mallory proxy was critical to the success of this project.
We'd also like to thank Dan Cornell at Denim Group for his open source SmartFonesDumbApps toolset.
Update: Slashdotted
Update: Apple, App Makers Sued Over User Tracking
We'd also like to thank Dan Cornell at Denim Group for his open source SmartFonesDumbApps toolset.
Update: Slashdotted
Update: Apple, App Makers Sued Over User Tracking
Great work. The article was fascinating. How were you able to use Mallory to do a MITM on SSL encrypted traffic? I assume the apps are not using digital certificates to ensure the identity of the remote servers, thereby allowing you to MITM their traffic? If they were to rely on public rooted certificates (eg. from VeriSign), then you would not be able to do a MITM on the SSL traffic.
ReplyDeleteUnfortunately the WSJ has asked us to refrain from posting details of our methodology but you can rest assured that we were indeed able to perform MITM on SSL traffic.
ReplyDelete