Security BSides London, the UK’s biggest community-driven infosec conference is happy to announce its 8th iteration open to all regardless of background, skill level, income or job-title.  
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here
Back To Schedule
Wednesday, June 5 • 09:15 - 09:45
You won't even know it's recording you!

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

At a time when user experience can make or break a business, app developers are turning more and more to third-party app analytics tools to help them get insight on how customers are interacting with their app. GlassBox, AppSee, Testfairy, and UXCam are a handful of popular analytics SDKs used by app developers to track in-app user behaviour, crashes, bugs, and other issues. The extent of the data collected by these Analytics and Attribution tools without it being clear in the privacy policy has raised several security and privacy concerns lately. Embedding ‘Session Replay’ technology to record the user’s screen received special attention from security researchers in the early 2019 as it can include privacy-sensitive data, such as login credentials, financial information or medical records. In this presentation we go over an in depth analysis of popular Apps we reversed, and show different methods they use to record user’s screen/session in both iOS and Android platforms. We further explain static and dynamic techniques to identify Session Replay capability in an App. We also discuss advanced techniques Apps implement to fingerprint mobile devices in the hardware, OS or Application level. Correlating this information with user’s identity, App developers or third-party analytics services can profile and attribute the user.

avatar for Elaheh Samani

Elaheh Samani

Senior Security Researcher, Symantec
Elaheh Samani is a senior security researcher at Symantec’s Modern OS Security (MOS). She’s actively researching emerging threats targeting mobile users. Previously, she worked at Google Chrome protection with the Tailored Reverse Engineer Expertise team who focused on the analysis... Read More →

Wednesday June 5, 2019 09:15 - 09:45 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD