Firewalls Don't Stop Dragons Podcast

Microscoping Our Apps

Listen Later

We’ve been installing apps on our smartphones for almost two decades now. The iPhone and Android app stores kicked off in 2008 and we still, to this day, have no real way to know what’s in them. It turns out that most apps are an amalgamation of software libraries and development kits from various third party vendors, so often even the makers of apps don’t fully understand the makeup of their products. Lisa LeVasseur from Internet Safety Labs has worked to build tools to dissect and inspect our apps and help us understand what they’re really doing.

Interview Notes
  • Internet Safety Labs: https://internetsafetylabs.org/
  • App Microscope: https://appmicroscope.org/ 
  • Interview with Dr. Johnny Ryan on real-time bidding: https://podcast.firewallsdontstopdragons.com/2021/08/02/selling-you-out-to-the-highest-bidder/ 
  • Dark Patterns interview: https://podcast.firewallsdontstopdragons.com/2020/11/16/dark-patterns-part-1/ 
  • Using Burp Suite to intercept HTTP traffic: https://portswigger.net/burp/documentation/desktop/getting-started/intercepting-http-traffic 
  • Exodus Privacy: https://exodus-privacy.eu.org/en/ 
  • Henrietta Lacks: https://en.wikipedia.org/wiki/Henrietta_Lacks 
    • Further Info
    • My book: https://fdsd.me/book 
    • My newsletter: https://fdsd.me/newsletter 
    • Support the mission: https://fdsd.me/support 
    • My social media: https://firewallsdontstopdragons.com/contact/ 
    • Give the gift of privacy and security: https://fdsd.me/coupons 
    • Recommend news stories: send to news [at] firewallsdontstopdragons.com 
    • Send me your questions! https://fdsd.me/qna 
    • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 
      • Table of Contents
      • 0:00:00: Intro
      • 0:00:31: Note on 23andMe
      • 0:01:35: Follow my social media
      • 0:01:58: Signal debacle
      • 0:02:39: Interview setup
      • 0:07:06: What is Internet Safety Labs and what do you do there?
      • 0:09:49: What are the privacy risks with EdTech?
      • 0:16:31: How did the pandemic impact EdTech software?
      • 0:19:02: How does the “notice and consent” model work with EdTech software?
      • 0:25:26: Do app makers even know what’s in their own software?
      • 0:28:11: How do ads inside our apps get there?
      • 0:30:45: How does App Microscope work?
      • 0:32:33: How does safety differ from security?
      • 0:34:37: What can you learn from the data and metadata an app generates?
      • 0:37:22: Do you study “dark patterns” in apps?
      • 0:41:42: How do you determine the software makeup of a given app?
      • 0:47:10: How accurate are the app privacy “nutrition” labels?
      • 0:51:58: How important are the non-technical aspects of an app for safety?
      • 0:56:33: How do I use the App Microscope tool?
      • 1:00:38: How can we support your efforts?
      • 1:04:41: Interview follow-up
      • 1:08:51: Burp Suite info
      • 1:09:32: Patron bonus preview
      • 1:10:27: Looking ahead
        • ...more
        View all episodesView all episodes
        Download on the App Store
        Firewalls Don't Stop Dragons PodcastBy Carey Parker
        • 4.9
        • 4.9
        • 4.9
        • 4.9
        • 4.9

        4.9

        64 ratings

        More shows like Firewalls Don't Stop Dragons Podcast

        View all
        Hacked by Hacked

        Hacked

        190 Listeners

        Security Now (Audio) by TWiT

        Security Now (Audio)

        2,011 Listeners

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

        373 Listeners

        Risky Business by Patrick Gray

        Risky Business

        374 Listeners

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

        655 Listeners

        CyberWire Daily by N2K Networks

        CyberWire Daily

        1,023 Listeners

        Smashing Security by Graham Cluley

        Smashing Security

        318 Listeners

        Click Here by Recorded Future News

        Click Here

        418 Listeners

        Darknet Diaries by Jack Rhysider

        Darknet Diaries

        8,041 Listeners

        Hacking Humans by N2K Networks

        Hacking Humans

        315 Listeners

        Techlore Surveillance Report by Techlore

        Techlore Surveillance Report

        105 Listeners

        Cyber Security Headlines by CISO Series

        Cyber Security Headlines

        138 Listeners

        Risky Bulletin by risky.biz

        Risky Bulletin

        44 Listeners

        Hacker And The Fed by Chris Tarbell & Hector Monsegur

        Hacker And The Fed

        169 Listeners

        The AI Fix by Graham Cluley and Mark Stockley

        The AI Fix

        34 Listeners