CASA Distinguished Lecture
The Cluster of Excellence CASA - Cyber Security in the Age of Large-Scale Adversaries is a leading center for pioneering IT security research at Ruhr University Bochum. CASA pursues the clear goal of ensuring that the digital world is sustainably more secure. Prof. Martina Lindorfer delivered a talk titled “Shedding Light on Data Collection and Security Issues in Modern Apps”.
In her talk, Martina Lindorfer discussed the integral role of mobile phones in our daily lives, emphasizing how we rely on a wide array of apps for everything from communication to shopping, banking, and controlling smart home devices. She highlighted how, in the pursuit of maximizing user experience, apps collect and process an increasing amount of private information. With the rise of IoT devices, users have been surrendering even more private information about their daily lives and habits for the sake of convenience.
Lindorfer pointed out that this private information has become a valuable commodity, with tech monopolies and shadow brokers collecting and aggregating data, not just to provide tailored content, but also for market research and targeted advertising. However, this process remains far from transparent, and our data is not always handled by trustworthy or secure entities. Even well-intentioned developers face challenges when dealing with supply chain issues, such as integrating libraries, external tools, and services.
While existing legislation like the GDPR and CCPA, along with upcoming initiatives like the Cyber Resilience Act, aims to protect consumers from privacy invasions and insecure products, Lindorfer noted that the techniques for automated technical analysis needed to enforce these laws remain an ongoing challenge.
During her presentation, she shared her team’s ongoing research on developing scalable static and dynamic program analysis techniques for modern mobile and web-based apps, including their integration with IoT devices. These efforts enable large-scale measurements to promote transparency and accountability in how apps process and share private information. Lindorfer also addressed recent privacy measures by Apple and Google, which have increased transparency but still lack effective enforcement and accountability in how apps handle data. Finally, she touched on how new app programming paradigms undermine expected security and privacy guarantees.