SOUPS2015 2日目

Elissa M. Redmiles, Ph.D. @eredmil1

Text #classification #mobile #app text description top keywords: #gps, #location #map #restaurant #direction | #soups2015 Watanabe et. al.

A.T.O.M. @atomsoffice

methods for analyzing text descript. of #privacy resources in #mobile apps - #code analysis & text #classification #datascience #soups2015 …

Maria Wolters @mariawolters

Watanabe: used Chinese (third party) and English (official android market). ~100K apps surveyed. #soups2015

Maria Wolters @mariawolters

Watanabe: Most text descriptions do not mention privacy-sensitive resources that are used. Worse for third party Chinese market #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

learn more about the #mobile #app text #datascience project @mariawolters & I are live tweeting at #soups2015: nsl.cs.waseda.ac.jp/projects/acode/

Maria Wolters @mariawolters

Watanabe: sometimes, a small number of developers account for many apps with bad descriptions #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

47% (50,000) #mobile #app may have permission to SEND_SMS #privacy #infosec #woah from #soups2015 paper: bit.ly/1DBZcD0

Maria Wolters @mariawolters

Watanabe: In third-party market, many apps use undisclosed third-party ad libraries that need fine location. #soups2015

Maria Wolters @mariawolters

Watanabe: big risk of cross-site scripting attacks, often "dangerous permissions" not mentioned. #soups2015

Maria Wolters @mariawolters

Watanabe: ACODE can be used to identify rogue developers that spam markets with apps that want too much info #soups2015

Maria Wolters @mariawolters

This was Watanabe's first ever international presentation - congratulations on a clear (and interesting!) talk :) #soups2015

Akira Kanaoka (金岡 晃) @akirakanaoka

ACODE website nsl.cs.waseda.ac.jp/projects/acode/ #soups2015

Maria Wolters @mariawolters

Now: Cherapau on Whats and Whys of iPhone Passcode and Touch ID #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

Love presentations that start with interactive exercises! Konstantin Beznosov at #soups2015 bit.ly/1KpfDdy #touchid impact #iphone

Maria Wolters @mariawolters

Cherapau: passcode strength matters bc we need to defend against on-device guess attacks. Apple only allows 1 guess per 80 secs #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

#touchid has had no significant impact on #iphone #password DESPITE #apple claims to the contrary. Findings from #soups2015 Cherapau et al

Maria Wolters @mariawolters

Two methods: Turk and in-person survey in mall. Resulted in quite representative sample #soups2015

Rob Reeder @moduloprime

Interesting talk (w great slides) on TouchID and its effects on iPhone passcode strength by @beznosov #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

#iphone #passcode is weak non-touch id and touch-id equally weak | will take 30-60 minutes to #hack #infosec #mobile #iphone #soups2015

Maria Wolters @mariawolters

People's #iPhone passcode (PINs) tend to be weak, can be cracked in 1.30h. Clear case for strong backup auth! #soups2015

Ame Elliott @ameellio

Big opportunity to help users get mobile app permissions + security. Text descriptions aren't working. bit.ly/1JD9t47 #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

Want to know how quickly we can #hack your #iphone passcode? TouchID doesn't matter. @beznosov #soups2015 bit.ly/1KpfDdy

Maria Wolters @mariawolters

The second most popular reasons for ppl to use PIN, not password is that they don't know password is possible. (I didn't either!) #soups2015

Maria Wolters @mariawolters

People lock their iPhone against strangers (all), room mates, friends, family (60%) ... #soups2015

Maria Wolters @mariawolters

Most users of TouchID choose it for convenience #soups2015