Asia-24-Zhou-PrivacyDetective.pdf

《Asia-24-Zhou-PrivacyDetective.pdf》由会员分享，可在线阅读，更多相关《Asia-24-Zhou-PrivacyDetective.pdf（56页珍藏版）》请在三个皮匠报告上搜索。

1、#BHASIA BlackHatEventsPrivacy DetectivePrivacy DetectiveSniffing Out Your Data Leaks for AndroidAbbie&MeggieAbbie&Meggie#BHASIA BlackHatEventsAbout usAbout usMeggie He,A security researcher at OPPO,specializes in security certification,security feature research,and security tool development.She lead

2、s in certification projects,leads the writing of OPPOs IoT security specifications,and development of this tool.Abbie Zhou,A security researcher and engineer,specializes in reverse,development of security features and security tools.He led the development of Privacy Detective.And he has a long-stand

3、ing interest in mobile security and mobile privacy related issues.#BHASIA BlackHatEventsBackgroundBackground#BHASIA BlackHatEventsCompanies ChallengesCompanies ChallengesEuropeUnited StatesSource:https:/ BlackHatEventsCompanies ChallengesCompanies ChallengesSource：https:/ of overall sum of fines(cum

4、ulative):Course of overall number of fines(cumulative):The maximum fine for a GDPR violation is 20 million,or 4%of a companys global annual revenue,whichever is higher.The sum of fines has been growing dramatically,while the number is stably increased.#BHASIA BlackHatEventsCompanies ChallengesCompan

5、ies ChallengesSource：https:/ of overall sum of fines(cumulative):Course of overall number of fines(cumulative):The maximum fine for a GDPR violation is 20 million,or 4%of a companys global annual revenue,whichever is higher.The sum of fines has been growing dramatically,while the number is stably in

6、creased.All-area companies are under legislatives inspection.#BHASIA BlackHatEvents The device should only use secure and non deprecated(TLSv1.2)channels for communication(HTTPS).The source code reveals hardcoded URLs.Only certificates signed by a trusted CA are accepted.Pre installed application sh