ReCon: Researchers Develop System to Control Information Leaks from Smartphone Apps

Written by prodigitalweb


Efficient Cloud Based System – ReCon – All-Inclusive Trio Function

Those using the fitness tracking app, Map MyRun could be facing issues of their password being leaked. The well-known fitness app does not seem to be only one but there could be other apps which may be putting your information at risk. Research team led by David Choffnes, an assistant professor in the College of Computer and Information Science has observed widespread leakage of information of users, of device and user identifiers, locations as well as passwords in network traffic from apps on mobile devices inclusive of iOS, Android and Windows phones.The researchers have also come across options of stopping the flow. The discoveries will be presented by Choffnes at the Data Transparency Lab 2015 Conference to be held at the Media Lab at the Massachusetts Institute of Technology. Choffnes together with his colleagues, in their lab at Northeastern, have created a simple, efficient cloud based system known as ReCon with an all-inclusive trio of functions. It tends to detect leaks of personally identifiable information or PII and cautions users to these breaches, enabling them to control the leaks by specifying what information they would need to be blocked and from whom.

Network Traffic Not Protected by Encryption

Choffnes commented that their devices tend to store everything, like their contacts, locations, and adequate information for identification since each device has a unique identifier number built in it. He further explained that a lot of network traffic which tends to go back and forth is not protected by encryption or other means.

It could be all right when one submits their email address to an app for probably to subscribe to its newsletter but not when one types in their password. What is really disturbing is that we tend to observe significant numbers of app sending your password in plain text readable form when logged in. In the case of public Wi-Fi setting, it could mean that anyone with simple software could steal it.

Forrester Research study in June 2015 had reported that smartphone users spend over 85% of their time utilising apps. However not much research has been done on app’s network traffic since the operating systems of mobile devices in contrast to laptops and desktops seems to be difficult to crack.

Installing ReCon – Six/Seven Step Procedure

Besides Map MyRun, password leaking apps also included the language app Duolingo as well as the Indian digital music app Gaana. The three developers have since then fixed the leaks, though several other apps tend to continue sending plain text passwords into traffic, inclusive of the popular dating app.

Choffes says that utilising ReCon seems to be easy and participants can install a virtual private network or VPN, on their device which is an easy six/seven step procedure. The VPN tends to securely transmit the user’s data to the system’s server that runs the ReCon software recognizing when and what information is being leaked. Users need to simply log onto the ReCon secure webpage in order to know the status of their information where they find things like a Google map indicating which of their apps are annihilating their location to other destinations and which apps seems to be releasing their password into unencrypted network traffic. Moreover they can also tell the system what they need to do regarding it.


About the author