App Privacy and Controls

Back to Research

Research into privacy, security, and information controls of popular applications.

Latest Research

تحرك بسرعة واستخدم تشفيرك الخاص: نظرة سريعة على سرية اجتماعات Zoom

يفحص هذا التقرير التشفير الذي يحمي الاجتماعات في تطبيق Zoom الرائج. وجدنا أن Zoom لديه نظام تشفير “خاص به” ، ويحتوي على نقاط ضعف كبيرة. بالإضافة إلى ذلك حددنا نقاط تثير القلق في البنية التحتية لـ Zoom ، بما في ذلك نقل مفاتيح التشفير للاجتماعات عبر الصين.

Zoom’s Waiting Room Vulnerability

In this note, we describe a security issue where users in the “Waiting Room” of a Zoom meeting could have spied on the meeting, even if they were not approved to join. Zoom fixed the issue after we reported it to them.

Move Fast and Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings

This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys to China.

Installing Fear: A Canadian Legal and Policy Analysis of Using, Developing, and Selling Smartphone Spyware and Stalkerware Applications

This report provides an in-depth legal and policy analysis of technology-facilitated intimate partner surveillance (IPS) under Canadian law. Stalkerware apps are designed to facilitate remote surveillance of an individual’s mobile device use with the surveillance often being covert or advertised as such. Despite increasing recognition of the prevalence of technology-enabled intimate partner abuse and harassment, the legality of the creation, sale, and use of consumer-level spyware apps has not yet been closely considered by Canadian courts, legislators, or regulators.

The Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware Application Industry

This report was collaboratively written by researchers from computer science, political science, criminology, law, and journalism studies. As befits their expertise, the report is divided into several parts, with each focusing on specific aspects of the consumer spyware ecosystem, which includes: technical elements associated stalkerware applications, stalkerware companies’ marketing activities and public policies, and these companies’ compliance with Canadian federal commercial privacy legislation.

Fit Leaking: Citizen Lab Research on Fitness Tracker Privacy

The post covers several categories of information that can be gleaned from examining Strava’s fitness tracker data, ranging from enabling the identification of secret military facilities in “dark areas” to specific identifiable behaviour patterns of at-risk individuals.

Secure Your Chats: Why Encrypted Messaging Matters

End-to-end encrypted messaging is effective at protecting the content of your messages from being read as they travel across the Internet to your friends and family. This is why the Citizen Lab has released Secure Your Chats: a Net Alert resource that outlines how to safely use end-to-end encryption.

Safer Without: Korean Child Monitoring and Filtering Apps

South Korea requires minors to have content filtering apps installed on their phones. A security audit of two child monitoring apps—Cyber Security Zone and Smart Dream—finds serious security and privacy issues that put children at risk.