App Security & Privacy
Examining the privacy and security of mobile applications (apps) from technical, legal, and policy perspectives.
How secure are the apps that you use every day? Our work seeks to answer this question by examining the privacy and security of mobile apps.
Mobile apps have become a ubiquitous feature of modern life and a central means for civil society to communicate, organize, and mobilize. The apps we use collect, store, and transmit sensitive information about the most intimate aspects of our daily lives in ways that are insecure and lack transparency. Apps that have amassed billions of users across the world remain understudied by security researchers, with limited information on their relative privacy and security.
Security vulnerabilities in mobile apps can compromise a user’s device and expose their private data to attackers. Apps that use inadequate encryption to transmit data can expose a user’s personal data and geolocation to anyone with visibility on the network.
Our work examines the privacy and security of mobile apps from technical, legal, and policy perspectives. We analyze mobile apps to identify security issues and insecure network transmissions. We have identified and disclosed security vulnerabilities to app developers, leading to security improvements for billions of users, multiple times over.

LATEST RESEARCH
- Network Security Issues in RedNote
  Our network security analysis of the popular social media app, RedNote, revealed a number of issues with both the Android and iOS versions of the app.
  February 12, 2025
- Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol
  This report performs the first public analysis of MMTLS, the main network protocol used by WeChat, an app with over one billion users. The report finds that MMTLS is a modified version of TLS; however, some of the modifications have introduced cryptographic weaknesses.
  October 15, 2024
- The Not-So-Silent Type: Vulnerabilities Across Keyboard Apps Reveal Keystrokes to Network Eavesdroppers
  In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine apps contained vulnerabilities that could be exploited to completely reveal the contents of users’ keystrokes in transit. We estimate that up to one billion users could be vulnerable to having all of their keystrokes intercepted, constituting a tremendous risk to user security.
  April 23, 2024
OUR EXPERTS IN APP SECURITY & PRIVACY
- Pellaeon Lin, Senior Researcher
- Jeffrey Knockel, Senior Fellow
- Mona Wang, Open Technology Fund Information Controls Fellow
