We've been installing apps on our smartphones for almost two decades now. The iPhone and Android app stores kicked off in 2008 and we still, to this day, have no real way to know what's in them. It turns out that most apps are an amalgamation of software libraries and development kits from various third party vendors, so often even the makers of apps don't fully understand the makeup of their products. Lisa LeVasseur from Internet Safety Labs has worked to build tools to dissect and inspect our apps and help us understand what they're really doing.

Interview Notes

Internet Safety Labs: https://internetsafetylabs.org/

App Microscope: https://appmicroscope.org/ 

Interview with Dr. Johnny Ryan on real-time bidding: https://podcast.firewallsdontstopdragons.com/2021/08/02/selling-you-out-to-the-highest-bidder/ 

Dark Patterns interview: https://podcast.firewallsdontstopdragons.com/2020/11/16/dark-patterns-part-1/ 

Using Burp Suite to intercept HTTP traffic: https://portswigger.net/burp/documentation/desktop/getting-started/intercepting-http-traffic 

Exodus Privacy: https://exodus-privacy.eu.org/en/ 

Henrietta Lacks: https://en.wikipedia.org/wiki/Henrietta_Lacks 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

My social media: https://firewallsdontstopdragons.com/contact/ 

Give the gift of privacy and security: https://fdsd.me/coupons 

Recommend news stories: send to news [at] firewallsdontstopdragons.com 

Send me your questions! https://fdsd.me/qna 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:00: Intro

0:00:31: Note on 23andMe

0:01:35: Follow my social media

0:01:58: Signal debacle

0:02:39: Interview setup

0:07:06: What is Internet Safety Labs and what do you do there?

0:09:49: What are the privacy risks with EdTech?

0:16:31: How did the pandemic impact EdTech software?

0:19:02: How does the "notice and consent" model work with EdTech software?

0:25:26: Do app makers even know what's in their own software?

0:28:11: How do ads inside our apps get there?

0:30:45: How does App Microscope work?

0:32:33: How does safety differ from security?

0:34:37: What can you learn from the data and metadata an app generates?

0:37:22: Do you study "dark patterns" in apps?

0:41:42: How do you determine the software makeup of a given app?

0:47:10: How accurate are the app privacy "nutrition" labels?

0:51:58: How important are the non-technical aspects of an app for safety?

0:56:33: How do I use the App Microscope tool?

1:00:38: How can we support your efforts?

1:04:41: Interview follow-up

1:08:51: Burp Suite info

1:09:32: Patron bonus preview

1:10:27: Looking ahead