Mobile App Privacy — You’re Doing It Wrong (and so am I)
Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited
fuzzyaliens.com
Desktop, Server, Telecom CO, Particle Accelerator
UX, Requirements Eng, Dev Ops, Source Control, …
Pre-intro Disclaimer
Introductory Story
•   I can’t explain why I did what I did
•   It’s not just hard to explain the rules, I don’t know them
•   Ask me, I’ll not only give the wrong answer, I’ll do something different
•   My original plan got replaced at run-time in the face of new inputs
Erm…privacy?
TAP HERE TO SMASH THEM PIGS
iOS Example
Historical Example
“The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit.”
What can we draw from this?
• People are capricious
• We can’t tell you what information we’ll use to make any decision
• A rational choice made earlier can be overridden by novel changes in environment
Spammers and phishers know this
Therefore, give users an easily-digestible amount of pertinent information AT DECISION TIME
Just-in-time information
what I’m trying to do
how it’s going
Social Media
Your mum can read what you post!
Change privacy settings
IN REPLY TO DM
Confidential Data
Warning: attachment includes credit card data.
Delete Attachment
Summary
•   Users can help themselves to privacy…
•   …if app developers do their part and help out
•   AFFORDABILITY IS KEY (in everything)
•   Read these books ➡
@iamleeg
fuzzyaliens.com
Smartphone security and privacy: you're doing it wrong

  • 1. Mobile App Privacy — You’re Doing It Wrong (and so am I) Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited fuzzyaliens.com
  • 2. Mobile App Privacy — You’re Doing It Wrong (and so am I) Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited
  • 3. Mobile App Privacy — You’re Doing It Wrong (and so am I) Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited Desktop Server Telecom CO Particle Accelerator
  • 4. Mobile App Privacy — You’re Doing It Wrong (and so am I) Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited Desktop Server UX Telecom CO Requirements Eng Particle Accelerator Dev Ops Source Control …
  • 7. Introductory Story • I can’t explain why I did what I did
  • 8. Introductory Story • I can’t explain why I did what I did • It’s not just hard to explain the rules, I don’t know them
  • 9. Introductory Story • I can’t explain why I did what I did • It’s not just hard to explain the rules, I don’t know them • Ask me, I’ll not only give the wrong answer, I’ll do something different
  • 10. Introductory Story • I can’t explain why I did what I did • It’s not just hard to explain the rules, I don’t know them • Ask me, I’ll not only give the wrong answer, I’ll do something different • My original plan got replaced at run-time in the face of new inputs
  • 13. TAP HERE TO SMASH THEM PIGS Erm…privacy?
  • 19. Historical Example “ The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. ”
  • 20. What can we draw from this?
  • 21. What can we draw from this? • People are capricious
  • 22. What can we draw from this? • People are capricious • We can’t tell you what information we’ll use to make any decision
  • 23. What can we draw from this? • People are capricious • We can’t tell you what information we’ll use to make any decision • A rational choice made earlier can be overridden by novel changes in environment
  • 24. What can we draw from this? • People are capricious • We can’t tell you what information we’ll use to make any decision • A rational choice made earlier can be overridden by novel changes in environment amme rs a n d Sp phish e rs k n o w t his
  • 25. Therefore, give users an easily-digestible amount of pertinent information AT DECISION TIME
  • 26. Just-in-time information what I’m trying to do how it’s going
  • 28. Social Media Your mum can read what you post! Change privacy settings
  • 30. Social Media IN REPLY TO DM
  • 32. Confidential Data Warning: attachment includes credit card data. Delete Attachment
  • 33. Summary • Users can help themselves to privacy… • …if app developers do their part and help out • AFFORDABILITY IS KEY (in everything) • Read these books ➡
  • 34. Summary • Users can help themselves to privacy… • …if app developers do their part and help out • AFFORDABILITY IS KEY (in everything) • Read these books ➡
  • 35. Summary • Users can help themselves to privacy… • …if app developers do their part and help out • AFFORDABILITY IS KEY (in everything) • Read these books ➡
  • 36. Summary • Users can help themselves to privacy… • …if app developers do their part and help out • AFFORDABILITY IS KEY (in everything) • Read these books ➡
  • 38. @iamleeg fuzzyaliens.com
  • 39. @iamleeg fuzzyaliens.com

Notas do Editor

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n
  30. \n
  31. \n
  32. \n
  33. \n
  34. \n
  35. \n
  36. \n
  37. \n
  38. \n
  39. \n
  40. \n
  41. \n
  42. \n
  43. \n