1 00:00:01,280 --> 00:00:12,559 [Music] 2 00:00:14,179 --> 00:00:17,340 so we'll be talking about no permissions 3 00:00:17,340 --> 00:00:20,820 needed I am Aditi I've been already 4 00:00:20,820 --> 00:00:22,680 introduced I'll just skip my interest 5 00:00:22,680 --> 00:00:24,720 lies and security privacy and techno 6 00:00:24,720 --> 00:00:27,180 sociology which is basically impact of 7 00:00:27,180 --> 00:00:30,720 tech on humans and Society overall 8 00:00:30,720 --> 00:00:31,439 um 9 00:00:31,439 --> 00:00:34,079 so diving directly into the topic before 10 00:00:34,079 --> 00:00:36,899 beginning I would like to have a show of 11 00:00:36,899 --> 00:00:38,340 hands of how many people have used 12 00:00:38,340 --> 00:00:42,180 Android ever or hacked Android yeah all 13 00:00:42,180 --> 00:00:43,920 of us I think all of us are kind of 14 00:00:43,920 --> 00:00:45,899 familiar with Android which kind of 15 00:00:45,899 --> 00:00:48,360 makes sense because you're here 16 00:00:48,360 --> 00:00:50,100 um so if you have you would have seen 17 00:00:50,100 --> 00:00:52,020 these permission Alex right like one 18 00:00:52,020 --> 00:00:53,940 appears when you're installing the app 19 00:00:53,940 --> 00:00:56,100 where the app asks you a bunch of 20 00:00:56,100 --> 00:00:57,840 permissions then you can go to settings 21 00:00:57,840 --> 00:01:00,120 and see what all Apple missions have 22 00:01:00,120 --> 00:01:02,399 been there and then third one is a newly 23 00:01:02,399 --> 00:01:04,080 introduced one which I really like where 24 00:01:04,080 --> 00:01:05,820 you can decide whether you want to give 25 00:01:05,820 --> 00:01:08,100 permission throughout the time of when 26 00:01:08,100 --> 00:01:09,659 you're using the app or also in the 27 00:01:09,659 --> 00:01:12,060 background and stuff like that uh but we 28 00:01:12,060 --> 00:01:13,680 are here to demystify as to what 29 00:01:13,680 --> 00:01:15,240 permissions actually mean in Android 30 00:01:15,240 --> 
00:01:17,880 world right so I'll try to do that in 31 00:01:17,880 --> 00:01:19,799 four simple steps 32 00:01:19,799 --> 00:01:23,220 um the first part of it is why are you 33 00:01:23,220 --> 00:01:25,140 shown this a screen so if you're trying 34 00:01:25,140 --> 00:01:27,240 to code an Android app suppose you're 35 00:01:27,240 --> 00:01:28,860 trying to code a weather app and it 36 00:01:28,860 --> 00:01:30,900 needs your location permission when you 37 00:01:30,900 --> 00:01:32,280 add the function chain of get 38 00:01:32,280 --> 00:01:34,439 geocoordinates or get whatever Android 39 00:01:34,439 --> 00:01:36,479 Studio asks you to add this particular 40 00:01:36,479 --> 00:01:38,579 permission in your Android manifest file 41 00:01:38,579 --> 00:01:40,220 so in Android there is 42 00:01:40,220 --> 00:01:42,060 androidmanifest.xml which is kind of the 43 00:01:42,060 --> 00:01:43,979 Central File where all the permissions 44 00:01:43,979 --> 00:01:46,020 are listed so they are shown up here 45 00:01:46,020 --> 00:01:48,780 it's a user's permission brackets so all 46 00:01:48,780 --> 00:01:49,920 the permissions that the app would be 47 00:01:49,920 --> 00:01:51,899 needing would be listed in here so that 48 00:01:51,899 --> 00:01:53,460 is the first part the app developer 49 00:01:53,460 --> 00:01:54,840 defining that this is the set of 50 00:01:54,840 --> 00:01:57,360 permission I I need in order for my app 51 00:01:57,360 --> 00:01:59,100 to work and when you install Android 52 00:01:59,100 --> 00:02:01,259 picks up the same set and shows you out 53 00:02:01,259 --> 00:02:03,479 in the dialog box that we just saw so 54 00:02:03,479 --> 00:02:06,000 that is the first part the other part is 55 00:02:06,000 --> 00:02:08,580 what happens in Android world right so 56 00:02:08,580 --> 00:02:10,679 if you have an app how Android actually 57 00:02:10,679 --> 00:02:12,060 treats that app 58 00:02:12,060 --> 00:02:14,459 so in Android every app has a package 59 
00:02:14,459 --> 00:02:16,500 name right and the funny part is it's 60 00:02:16,500 --> 00:02:18,560 not not even unique right like uh 61 00:02:18,560 --> 00:02:21,000 com.android.chrome identifies Chrome app 62 00:02:21,000 --> 00:02:23,220 but you can as well create an app with 63 00:02:23,220 --> 00:02:24,900 that package name although it would not 64 00:02:24,900 --> 00:02:26,280 install on your device if Chrome already 65 00:02:26,280 --> 00:02:27,840 exists but yeah that that loophole is 66 00:02:27,840 --> 00:02:30,959 there so for Android it identifies every 67 00:02:30,959 --> 00:02:33,239 app with the package name and the 68 00:02:33,239 --> 00:02:35,700 interesting bit here is the user ID so 69 00:02:35,700 --> 00:02:37,739 it assigns a particular user ID to the 70 00:02:37,739 --> 00:02:40,200 app and it has this set of permissions 71 00:02:40,200 --> 00:02:42,420 listed to the app uh so where can you 72 00:02:42,420 --> 00:02:44,280 find the central file it is Data System 73 00:02:44,280 --> 00:02:46,680 slash packages.xml so you need to be 74 00:02:46,680 --> 00:02:49,500 root or if you're an emulator you can do 75 00:02:49,500 --> 00:02:51,360 ADB root and then you can pull this file 76 00:02:51,360 --> 00:02:53,640 out and you can see all the packages all 77 00:02:53,640 --> 00:02:55,739 the apps which are in Android 78 00:02:55,739 --> 00:02:57,120 um and all the permissions associated 79 00:02:57,120 --> 00:02:59,280 with that app 80 00:02:59,280 --> 00:03:01,440 so now you hear you see that it is just 81 00:03:01,440 --> 00:03:03,659 list of strings right like Android 82 00:03:03,659 --> 00:03:05,459 permission or device power what does 83 00:03:05,459 --> 00:03:08,400 this string exactly mean in OS world 84 00:03:08,400 --> 00:03:10,680 so the next bit I'll show is really 85 00:03:10,680 --> 00:03:12,599 interesting file which kind of does this 86 00:03:12,599 --> 00:03:14,780 mapping of the string with a group ID 87 00:03:14,780 --> 
00:03:17,519 Now Android is nothing but Linux right 88 00:03:17,519 --> 00:03:19,680 and uids and group IDs kind of make 89 00:03:19,680 --> 00:03:21,180 sense to us because we are familiar with 90 00:03:21,180 --> 00:03:23,280 it in Linux world so you'll see that 91 00:03:23,280 --> 00:03:25,500 each permission is essentially related 92 00:03:25,500 --> 00:03:27,360 to a group ID here for example Bluetooth 93 00:03:27,360 --> 00:03:30,780 admin has a group ID net BT admin and 94 00:03:30,780 --> 00:03:32,340 then there is a separate file which does 95 00:03:32,340 --> 00:03:34,200 the mapping of group ID with the 96 00:03:34,200 --> 00:03:36,000 corresponding group group code which is 97 00:03:36,000 --> 00:03:38,280 a numeric value 98 00:03:38,280 --> 00:03:40,799 so in Linux uids are used to separate 99 00:03:40,799 --> 00:03:43,080 users because Linux was designed to be a 100 00:03:43,080 --> 00:03:45,720 multi-user OS so you had uid so that 101 00:03:45,720 --> 00:03:48,000 users can not interfere with each of 102 00:03:48,000 --> 00:03:49,680 their spaces you do not have access to 103 00:03:49,680 --> 00:03:51,840 access accessory sources of other user 104 00:03:51,840 --> 00:03:54,540 Android kind of repurpose the same logic 105 00:03:54,540 --> 00:03:57,120 for apps so every app basically has its 106 00:03:57,120 --> 00:03:59,939 own uid and a set of permissions which 107 00:03:59,939 --> 00:04:02,700 are listed as gids 108 00:04:02,700 --> 00:04:06,120 so that is in brief how permissions 109 00:04:06,120 --> 00:04:08,720 actually work in kernel land in Android 110 00:04:08,720 --> 00:04:11,700 and usually whenever an app starts 111 00:04:11,700 --> 00:04:13,980 Android has Dalvik VM which it's used 112 00:04:13,980 --> 00:04:16,680 uses to run Java or kotlin code whenever 113 00:04:16,680 --> 00:04:18,298 you launch an app it does not create the 114 00:04:18,298 --> 00:04:20,639 VM it rather focus of a process from 115 00:04:20,639 --> 00:04:22,800 zygot 
so zygote is a central process 116 00:04:22,800 --> 00:04:25,620 which has root access it has all the 117 00:04:25,620 --> 00:04:27,660 loaded libraries that your app needs in 118 00:04:27,660 --> 00:04:29,820 order to perform and whenever you launch 119 00:04:29,820 --> 00:04:31,979 an app basically it just folks out of 120 00:04:31,979 --> 00:04:34,680 that thread so zygod has everything and 121 00:04:34,680 --> 00:04:37,259 at the time of working it assigns a set 122 00:04:37,259 --> 00:04:39,419 of group IDs that we just talked about 123 00:04:39,419 --> 00:04:41,100 so that is the permissions that the app 124 00:04:41,100 --> 00:04:43,500 would have and capabilities 125 00:04:43,500 --> 00:04:46,320 and also a different uid so at the time 126 00:04:46,320 --> 00:04:48,900 of specialization app basically becomes 127 00:04:48,900 --> 00:04:50,400 its own app like it's the privilege is 128 00:04:50,400 --> 00:04:52,139 reduced and it is reduced to the group 129 00:04:52,139 --> 00:04:53,520 IDs to the permissions that the app 130 00:04:53,520 --> 00:04:56,699 asked for so that is what happens and uh 131 00:04:56,699 --> 00:04:58,440 this book Android security internals I 132 00:04:58,440 --> 00:05:00,539 find it really interesting by Nicole he 133 00:05:00,539 --> 00:05:02,039 has detailed a lot more into what 134 00:05:02,039 --> 00:05:04,259 happens exactly uh in Android kernel and 135 00:05:04,259 --> 00:05:06,660 how security is insured 136 00:05:06,660 --> 00:05:08,580 so having talked about that what are 137 00:05:08,580 --> 00:05:10,680 permissions can an app declare so I was 138 00:05:10,680 --> 00:05:12,419 interested interested in seeing what our 139 00:05:12,419 --> 00:05:14,160 permissions are there on Android system 140 00:05:14,160 --> 00:05:17,340 and to do that you can simply 141 00:05:17,340 --> 00:05:20,940 um try doing PM list permissions Dash F 142 00:05:20,940 --> 00:05:23,400 which will list all the permissions on 143 00:05:23,400 --> 
00:05:25,440 your device now note that not all 144 00:05:25,440 --> 00:05:26,940 permissions are same across all the 145 00:05:26,940 --> 00:05:28,919 devices because apps can also create 146 00:05:28,919 --> 00:05:30,539 their own custom permissions which show 147 00:05:30,539 --> 00:05:31,740 up 148 00:05:31,740 --> 00:05:33,539 um and whenever you see in any 149 00:05:33,539 --> 00:05:35,100 permission here there would be a 150 00:05:35,100 --> 00:05:37,440 permission a package sometimes also give 151 00:05:37,440 --> 00:05:39,300 the description but the interesting bit 152 00:05:39,300 --> 00:05:42,000 here is the protection level 153 00:05:42,000 --> 00:05:44,539 so the prediction level can be normal 154 00:05:44,539 --> 00:05:47,520 dangerous privilege signature or 155 00:05:47,520 --> 00:05:48,600 privilege 156 00:05:48,600 --> 00:05:50,820 we'll talk about the normal and 157 00:05:50,820 --> 00:05:53,220 dangerous one more so normal is a set of 158 00:05:53,220 --> 00:05:54,360 permissions 159 00:05:54,360 --> 00:05:56,580 taking a step back Android introduce 160 00:05:56,580 --> 00:05:58,500 permissions to accept to limit access 161 00:05:58,500 --> 00:06:00,479 right like you cannot access resources 162 00:06:00,479 --> 00:06:02,460 like location without declaring a 163 00:06:02,460 --> 00:06:04,680 permission now the permissions that fall 164 00:06:04,680 --> 00:06:06,360 under normal are the ones that 165 00:06:06,360 --> 00:06:07,860 developers need to Define and Android 166 00:06:07,860 --> 00:06:10,259 manifest but they do not ask they do not 167 00:06:10,259 --> 00:06:11,880 need user intervention so you can as 168 00:06:11,880 --> 00:06:13,680 well Define normal permissions but it 169 00:06:13,680 --> 00:06:15,479 would not be shown in a prompt to user 170 00:06:15,479 --> 00:06:18,600 right they'll just stay there 171 00:06:18,600 --> 00:06:20,220 um dangerous are the ones like location 172 00:06:20,220 --> 00:06:22,800 for which you are shown 
prompt for and 173 00:06:22,800 --> 00:06:24,120 then there are other like signature or 174 00:06:24,120 --> 00:06:26,160 signature or system uh these are usually 175 00:06:26,160 --> 00:06:27,780 very restricted permissions you cannot 176 00:06:27,780 --> 00:06:29,940 not every app can Define it and there 177 00:06:29,940 --> 00:06:31,800 are usually signatures involved or the 178 00:06:31,800 --> 00:06:33,720 app needs to be in system so usually 179 00:06:33,720 --> 00:06:36,600 system apps or custom apps of the oems 180 00:06:36,600 --> 00:06:38,639 use those kind of permissions 181 00:06:38,639 --> 00:06:41,100 uh but I was not interested in data 182 00:06:41,100 --> 00:06:42,660 collected after defining this permission 183 00:06:42,660 --> 00:06:44,220 I was interested in data collected 184 00:06:44,220 --> 00:06:45,840 without defining any permission on 185 00:06:45,840 --> 00:06:47,340 Android 186 00:06:47,340 --> 00:06:49,800 so I created an app I called it Jon Snow 187 00:06:49,800 --> 00:06:51,660 app uh you know nothing and this is the 188 00:06:51,660 --> 00:06:53,819 Android manifest of that app so you see 189 00:06:53,819 --> 00:06:55,380 that there is no user's permission here 190 00:06:55,380 --> 00:06:57,419 like it's not using any permission and 191 00:06:57,419 --> 00:06:58,800 that was the whole idea that without 192 00:06:58,800 --> 00:06:59,880 using any permission what all 193 00:06:59,880 --> 00:07:02,780 information can I extract 194 00:07:02,780 --> 00:07:06,599 so I'll just show the app right now 195 00:07:06,599 --> 00:07:09,479 uh so you can see that it's like no 196 00:07:09,479 --> 00:07:11,639 permissions requested it's grayed out 197 00:07:11,639 --> 00:07:13,919 a rare occasion on Android 198 00:07:13,919 --> 00:07:16,380 and when I say what do you know 199 00:07:16,380 --> 00:07:17,940 I'll give you the basic details like 200 00:07:17,940 --> 00:07:21,599 manufacturer model uh supported 32-bit 201 00:07:21,599 --> 00:07:23,720 
stuff like that 202 00:07:23,720 --> 00:07:26,699 and then I asked it and a hardware 203 00:07:26,699 --> 00:07:29,580 details fingerprints and stuff like that 204 00:07:29,580 --> 00:07:32,819 and it also shows you whether you know 205 00:07:32,819 --> 00:07:34,919 configurations like ADB is enabled or 206 00:07:34,919 --> 00:07:36,479 not 207 00:07:36,479 --> 00:07:37,020 um 208 00:07:37,020 --> 00:07:39,840 here USB Mass Storage Wi-Fi is on or not 209 00:07:39,840 --> 00:07:42,120 airplane mode is on or not data roaming 210 00:07:42,120 --> 00:07:44,699 boot count HTTP proxy a bunch of system 211 00:07:44,699 --> 00:07:46,680 settings essentially 212 00:07:46,680 --> 00:07:48,840 so it was okay it was interesting some 213 00:07:48,840 --> 00:07:50,280 information about my system which is 214 00:07:50,280 --> 00:07:52,500 fine it also tells you settings which 215 00:07:52,500 --> 00:07:53,520 are very personal to you like 216 00:07:53,520 --> 00:07:55,740 accessibility settings right uh 217 00:07:55,740 --> 00:07:58,680 inversion of colors or parental controls 218 00:07:58,680 --> 00:08:00,180 on your device whether they're 219 00:08:00,180 --> 00:08:01,620 established or not whether you have 220 00:08:01,620 --> 00:08:05,160 touch exploration or not uh most 221 00:08:05,160 --> 00:08:07,199 interestingly it was also able to know 222 00:08:07,199 --> 00:08:10,379 all the apps that I'm using right so um 223 00:08:10,379 --> 00:08:13,139 the names of the apps banking apps or 224 00:08:13,139 --> 00:08:14,340 any other things 225 00:08:14,340 --> 00:08:16,440 and this bit is the favorite one because 226 00:08:16,440 --> 00:08:18,479 it is also able to gather information 227 00:08:18,479 --> 00:08:21,840 which is kind of not like does it 228 00:08:21,840 --> 00:08:23,340 doesn't need that kind of information so 229 00:08:23,340 --> 00:08:24,900 information like when is your wake-up 230 00:08:24,900 --> 00:08:27,060 alarm set up to so I'll be waking up in 231 
00:08:27,060 --> 00:08:28,560 six hours I would know any app would 232 00:08:28,560 --> 00:08:30,539 know that or whether I'm listening to a 233 00:08:30,539 --> 00:08:32,458 song or not based on you know the audio 234 00:08:32,458 --> 00:08:34,679 status uh microphone is mute or not 235 00:08:34,679 --> 00:08:37,080 battery is charging or not uh clipboard 236 00:08:37,080 --> 00:08:39,839 what is the last thing you copied right 237 00:08:39,839 --> 00:08:41,458 so if you forwarded a chat from your 238 00:08:41,458 --> 00:08:43,620 loved one to someone else this app which 239 00:08:43,620 --> 00:08:44,880 has no permission sitting on your device 240 00:08:44,880 --> 00:08:47,399 will be able to read that message or any 241 00:08:47,399 --> 00:08:48,720 link that you shared anything that you 242 00:08:48,720 --> 00:08:51,720 copied basically and along with that app 243 00:08:51,720 --> 00:08:54,240 widget so whatever widgets you installed 244 00:08:54,240 --> 00:08:55,560 on your mobile phones other than the 245 00:08:55,560 --> 00:08:57,300 apps 246 00:08:57,300 --> 00:08:58,800 so it was able to collect all this 247 00:08:58,800 --> 00:09:00,959 information and honestly it was just a 248 00:09:00,959 --> 00:09:03,660 first go so I went to Android studio and 249 00:09:03,660 --> 00:09:05,339 like Global setting system settings and 250 00:09:05,339 --> 00:09:06,720 I tried to access everything that 251 00:09:06,720 --> 00:09:08,339 Android Studio was letting me access 252 00:09:08,339 --> 00:09:10,500 without finding a permission and this 253 00:09:10,500 --> 00:09:11,880 was what I was able to get in the first 254 00:09:11,880 --> 00:09:13,680 go 255 00:09:13,680 --> 00:09:16,140 and why does it matter so I think and 256 00:09:16,140 --> 00:09:17,640 this is a kind of broader problem in 257 00:09:17,640 --> 00:09:20,100 privacy that we say that these are data 258 00:09:20,100 --> 00:09:21,000 points and these are just system 259 00:09:21,000 --> 00:09:22,920 
settings and you know we need it but if 260 00:09:22,920 --> 00:09:25,200 you put a human behind these data points 261 00:09:25,200 --> 00:09:26,700 you can easily make inferences about 262 00:09:26,700 --> 00:09:29,220 someone so if you have like apps you use 263 00:09:29,220 --> 00:09:30,899 there has been research around that that 264 00:09:30,899 --> 00:09:32,399 just on the basis of the apps you use 265 00:09:32,399 --> 00:09:34,260 you can find out the gender of a person 266 00:09:34,260 --> 00:09:36,540 or ethnicity or age group or addictions 267 00:09:36,540 --> 00:09:38,760 health problems if you're using banking 268 00:09:38,760 --> 00:09:40,320 apps they will know which bank your 269 00:09:40,320 --> 00:09:42,959 money goes into lifestyle apps where do 270 00:09:42,959 --> 00:09:44,459 you shop your clothes from and stuff 271 00:09:44,459 --> 00:09:45,720 like that because there's an app for 272 00:09:45,720 --> 00:09:48,180 everything so appnium kind of indicates 273 00:09:48,180 --> 00:09:51,019 your preference or your choice in life 274 00:09:51,019 --> 00:09:53,160 similarly device controls right 275 00:09:53,160 --> 00:09:55,140 accessibility health conditions whether 276 00:09:55,140 --> 00:09:57,060 you're a child or not these can be shown 277 00:09:57,060 --> 00:09:58,860 based on whether your parental controls 278 00:09:58,860 --> 00:10:00,959 are established or not clipboard data 279 00:10:00,959 --> 00:10:02,700 Bluetooth on right so there are all 280 00:10:02,700 --> 00:10:05,940 these uh things and the most importantly 281 00:10:05,940 --> 00:10:07,680 is that all this set of information 282 00:10:07,680 --> 00:10:10,440 since it's so much can be easily used to 283 00:10:10,440 --> 00:10:12,000 do device fingerprinting so there has 284 00:10:12,000 --> 00:10:13,800 been talks around 285 00:10:13,800 --> 00:10:15,600 um apps basically using a thing called 286 00:10:15,600 --> 00:10:17,279 advertising ID so they collect 287 00:10:17,279 --> 
00:10:19,260 everything from your whatever you are 288 00:10:19,260 --> 00:10:20,519 performing on the app they collect that 289 00:10:20,519 --> 00:10:22,860 information they add a unique identifier 290 00:10:22,860 --> 00:10:24,720 which can profile you which is 291 00:10:24,720 --> 00:10:26,339 advertising ID and it sends it over to 292 00:10:26,339 --> 00:10:27,839 advertising server so that is how they 293 00:10:27,839 --> 00:10:31,320 maintain a profile of you right and the 294 00:10:31,320 --> 00:10:33,120 talks around advertising ID was that 295 00:10:33,120 --> 00:10:35,220 users should be able or given the right 296 00:10:35,220 --> 00:10:37,620 to remove that link of profiling and the 297 00:10:37,620 --> 00:10:40,140 ID used to identify that person but that 298 00:10:40,140 --> 00:10:42,240 link does not hold like that choice is 299 00:10:42,240 --> 00:10:43,740 no more there when your device can be so 300 00:10:43,740 --> 00:10:45,660 easily fingerprinted and for browser 301 00:10:45,660 --> 00:10:47,279 fingerprinting we still have had more 302 00:10:47,279 --> 00:10:49,440 discussions but for Android device 303 00:10:49,440 --> 00:10:50,700 fingerprinting there has been no 304 00:10:50,700 --> 00:10:53,279 solution as such for now 305 00:10:53,279 --> 00:10:54,600 um other challenges that I see in 306 00:10:54,600 --> 00:10:56,700 existing permission model is permission 307 00:10:56,700 --> 00:10:59,100 redaligation 308 00:10:59,100 --> 00:11:01,680 in Android since it is the because of 309 00:11:01,680 --> 00:11:03,300 the rich functionality it offers it 310 00:11:03,300 --> 00:11:05,220 allows for IPC which is inter-process 311 00:11:05,220 --> 00:11:06,959 communication so it can easily happen 312 00:11:06,959 --> 00:11:09,360 that app is taking location permission a 313 00:11:09,360 --> 00:11:11,339 b is taking Gallery permission and then 314 00:11:11,339 --> 00:11:12,480 both of them are talking to each other 315 00:11:12,480 --> 00:11:15,480 
through like custom content Uris or 316 00:11:15,480 --> 00:11:16,920 other ways in which Android allows 317 00:11:16,920 --> 00:11:20,100 information to be accessed across apps 318 00:11:20,100 --> 00:11:22,500 and I did a little bit of experiment I 319 00:11:22,500 --> 00:11:24,360 would not go in deep because we have 320 00:11:24,360 --> 00:11:27,240 very less minutes here but what I tried 321 00:11:27,240 --> 00:11:29,279 to do was can I find which app is 322 00:11:29,279 --> 00:11:30,540 talking to which app on my Android 323 00:11:30,540 --> 00:11:33,180 device and I was able to do that by 324 00:11:33,180 --> 00:11:35,040 hooking into the looking into the binder 325 00:11:35,040 --> 00:11:37,680 calls so Android allows for IPC through 326 00:11:37,680 --> 00:11:39,779 binder and binder does a lot of logging 327 00:11:39,779 --> 00:11:41,700 so for every process that keeps process 328 00:11:41,700 --> 00:11:43,380 logs which get erased after some time 329 00:11:43,380 --> 00:11:45,300 and those logs have the information of 330 00:11:45,300 --> 00:11:48,300 whether which process was interacted to 331 00:11:48,300 --> 00:11:50,279 from this process so I kind of try to 332 00:11:50,279 --> 00:11:53,459 use that log and make a mapping so 333 00:11:53,459 --> 00:11:55,500 there's a script which you can share for 334 00:11:55,500 --> 00:11:57,060 people who are interested so you can 335 00:11:57,060 --> 00:11:58,260 know which apps are talking on your 336 00:11:58,260 --> 00:12:01,560 device but do not go more in detail here 337 00:12:01,560 --> 00:12:04,019 let's talk about some other stuff so 338 00:12:04,019 --> 00:12:07,440 what else is problematic then there's a 339 00:12:07,440 --> 00:12:08,820 thing called common libraries right so 340 00:12:08,820 --> 00:12:10,860 you use libraries for crash dumb 341 00:12:10,860 --> 00:12:12,600 collection you use libraries for logging 342 00:12:12,600 --> 00:12:14,639 and those libraries whenever they are 343 00:12:14,639 
--> 00:12:16,139 integrated they have the same kind of 344 00:12:16,139 --> 00:12:18,180 access that the app has so whatever 345 00:12:18,180 --> 00:12:20,040 permissions the app has access to the 346 00:12:20,040 --> 00:12:21,720 library also has and the library is a 347 00:12:21,720 --> 00:12:23,339 third party thing altogether right so 348 00:12:23,339 --> 00:12:25,500 they can take again location from one 349 00:12:25,500 --> 00:12:27,000 app and that library is part of another 350 00:12:27,000 --> 00:12:28,680 app so it can take images from the other 351 00:12:28,680 --> 00:12:33,720 app and basically collect and file you 352 00:12:33,720 --> 00:12:36,839 uh how many minutes are left I'm sorry 353 00:12:36,839 --> 00:12:38,459 oh thank you 354 00:12:38,459 --> 00:12:39,720 okay 355 00:12:39,720 --> 00:12:42,120 so uh that is something which is 356 00:12:42,120 --> 00:12:44,519 happening right like Library collecting 357 00:12:44,519 --> 00:12:46,260 data or apps interacting with each other 358 00:12:46,260 --> 00:12:47,519 and these are active problems which 359 00:12:47,519 --> 00:12:49,440 Android is trying to figure out how to 360 00:12:49,440 --> 00:12:51,540 solve as a platform but I think there 361 00:12:51,540 --> 00:12:53,279 are broader conceptual concerns as well 362 00:12:53,279 --> 00:12:55,680 when it comes to privacy 363 00:12:55,680 --> 00:12:56,399 um 364 00:12:56,399 --> 00:12:58,860 for example scoping of data and 365 00:12:58,860 --> 00:13:01,139 granularized controls 366 00:13:01,139 --> 00:13:03,660 um let's take this case allow SMS 367 00:13:03,660 --> 00:13:06,000 messaging to send and view SMS message 368 00:13:06,000 --> 00:13:08,100 right so when you give this SMS Read 369 00:13:08,100 --> 00:13:10,800 permission it can basically read any SMS 370 00:13:10,800 --> 00:13:12,660 that comes to you and the thing that I 371 00:13:12,660 --> 00:13:15,360 find problematic in this model is that 372 00:13:15,360 --> 00:13:17,279 you're kind of 
giving access to the 373 00:13:17,279 --> 00:13:18,899 storage so you when you allow the 374 00:13:18,899 --> 00:13:20,339 permission you basically give the keys 375 00:13:20,339 --> 00:13:22,200 to your storage but you do not know what 376 00:13:22,200 --> 00:13:23,760 will end up in your storage right like 377 00:13:23,760 --> 00:13:25,260 what kind of SMS is it holding 378 00:13:25,260 --> 00:13:27,120 confidential information is there a 379 00:13:27,120 --> 00:13:28,980 choice in which we can restrict that no 380 00:13:28,980 --> 00:13:31,560 only SMS from now on or the OTP that 381 00:13:31,560 --> 00:13:33,180 your app needs you should only read that 382 00:13:33,180 --> 00:13:35,220 we cannot Define that choice right so 383 00:13:35,220 --> 00:13:36,660 today when you give lead SMS just 384 00:13:36,660 --> 00:13:38,700 because an app needs to read an OTP you 385 00:13:38,700 --> 00:13:40,920 basically expose the whole SMS stack so 386 00:13:40,920 --> 00:13:42,899 it can contain any SMS it can contain 387 00:13:42,899 --> 00:13:45,060 any pii and that is essentially 388 00:13:45,060 --> 00:13:46,380 additional information that you're 389 00:13:46,380 --> 00:13:48,959 giving off which you don't need to 390 00:13:48,959 --> 00:13:50,519 essentially but we don't have a choice 391 00:13:50,519 --> 00:13:51,959 to restrict that 392 00:13:51,959 --> 00:13:53,760 uh another interesting thing is what 393 00:13:53,760 --> 00:13:55,380 happens to my previously collected data 394 00:13:55,380 --> 00:13:57,420 if I revoke permission so the revoke 395 00:13:57,420 --> 00:13:59,100 permission flow itself is not very well 396 00:13:59,100 --> 00:14:01,320 designed you can go and say that do not 397 00:14:01,320 --> 00:14:03,779 I don't give this permission anymore but 398 00:14:03,779 --> 00:14:06,060 that revocation how is it reflected on 399 00:14:06,060 --> 00:14:07,500 server side have people deleted your 400 00:14:07,500 --> 00:14:09,779 data because you do not want 
them to use 401 00:14:09,779 --> 00:14:11,940 it anymore that flow is again not there 402 00:14:11,940 --> 00:14:14,459 happening 403 00:14:14,459 --> 00:14:16,380 um and then this is a really interesting 404 00:14:16,380 --> 00:14:18,540 thing that talking about data and it's 405 00:14:18,540 --> 00:14:20,100 not related to Android it's just in 406 00:14:20,100 --> 00:14:22,139 privacy in general whenever you share 407 00:14:22,139 --> 00:14:24,300 information you do not share just your 408 00:14:24,300 --> 00:14:26,880 information right so if you are sharing 409 00:14:26,880 --> 00:14:28,740 suppose you're giving excess of your 410 00:14:28,740 --> 00:14:30,540 gallery your gallery will not hold just 411 00:14:30,540 --> 00:14:32,339 your pictures you're making decision for 412 00:14:32,339 --> 00:14:34,440 other people in your circle whose 413 00:14:34,440 --> 00:14:36,660 pictures are also there in your gallery 414 00:14:36,660 --> 00:14:39,060 and it is interesting it is obviously 415 00:14:39,060 --> 00:14:41,639 complex to solve but 416 00:14:41,639 --> 00:14:43,380 um it kind of gives you like if you 417 00:14:43,380 --> 00:14:44,579 think about the question of can you 418 00:14:44,579 --> 00:14:46,980 actually control uh what amount of your 419 00:14:46,980 --> 00:14:49,320 personal information goes online today 420 00:14:49,320 --> 00:14:52,139 the answer is very difficult you cannot 421 00:14:52,139 --> 00:14:55,620 in a way because if you just talk about 422 00:14:55,620 --> 00:14:58,079 um say contacts for example so let's say 423 00:14:58,079 --> 00:15:01,980 Alice pop and Carol are here in MCH 2022 424 00:15:01,980 --> 00:15:05,279 and they Alice shared the contact to Bob 425 00:15:05,279 --> 00:15:09,540 uh so that they can connect but later on 426 00:15:09,540 --> 00:15:12,120 Bob happens to have a crowdsourcing app 427 00:15:12,120 --> 00:15:14,519 and that contact got uploaded onto the 428 00:15:14,519 --> 00:15:15,300 cloud 429 00:15:15,300 --> 
00:15:17,820 the next day Alice found out that hey my 430 00:15:17,820 --> 00:15:19,440 contact is in there and I do not like it 431 00:15:19,440 --> 00:15:21,060 so she raised a request and said that 432 00:15:21,060 --> 00:15:23,699 please take my contact off RPI off the 433 00:15:23,699 --> 00:15:25,680 cloud and they might entertain that 434 00:15:25,680 --> 00:15:27,600 request and take it off but then the 435 00:15:27,600 --> 00:15:29,279 data which has already left Alice's 436 00:15:29,279 --> 00:15:31,620 device has now reached a bob and Bob 437 00:15:31,620 --> 00:15:33,360 happened to share it with Carol and then 438 00:15:33,360 --> 00:15:35,399 Carol happens the app and it again end 439 00:15:35,399 --> 00:15:37,459 up online so basically can you control 440 00:15:37,459 --> 00:15:39,720 the answer is no once you have given the 441 00:15:39,720 --> 00:15:41,459 permission or once you have shared the 442 00:15:41,459 --> 00:15:43,740 basically it goes out of your out of 443 00:15:43,740 --> 00:15:45,360 your reach 444 00:15:45,360 --> 00:15:47,220 so these are the kind of problems that 445 00:15:47,220 --> 00:15:49,560 we are seeing in Android and 446 00:15:49,560 --> 00:15:52,440 um there are initiatives there are talks 447 00:15:52,440 --> 00:15:54,779 around privacy sandbox in Android which 448 00:15:54,779 --> 00:15:57,720 can can potentially help us address it 449 00:15:57,720 --> 00:15:59,759 but there's no significant piece of work 450 00:15:59,759 --> 00:16:02,519 which answers the solution answers the 451 00:16:02,519 --> 00:16:03,839 question or provides a solution right 452 00:16:03,839 --> 00:16:05,399 now 453 00:16:05,399 --> 00:16:07,380 so these are some of the challenges by 454 00:16:07,380 --> 00:16:08,940 platform design and we have not even 455 00:16:08,940 --> 00:16:12,300 touched about the gdpr angle of it so we 456 00:16:12,300 --> 00:16:14,519 have not talked about apps which take 457 00:16:14,519 --> 00:16:16,380 permissions you 
have given permissions 458 00:16:16,380 --> 00:16:18,360 to them you have trusted them to handle 459 00:16:18,360 --> 00:16:20,759 your data with respect but they end up 460 00:16:20,759 --> 00:16:23,759 exposing it right so there have been 461 00:16:23,759 --> 00:16:25,620 articles these are all fetched from 462 00:16:25,620 --> 00:16:27,180 wired and they keep on happening every 463 00:16:27,180 --> 00:16:28,560 month there are some article or the 464 00:16:28,560 --> 00:16:30,660 other indicating that this app has 465 00:16:30,660 --> 00:16:33,060 leaked information out there and that 466 00:16:33,060 --> 00:16:34,920 kind of shows 467 00:16:34,920 --> 00:16:37,860 at a resist back or an improper process 468 00:16:37,860 --> 00:16:40,860 system or policies around handling user 469 00:16:40,860 --> 00:16:42,540 data 470 00:16:42,540 --> 00:16:44,699 so I would just like you to take a 471 00:16:44,699 --> 00:16:46,860 minute now and think more info about to 472 00:16:46,860 --> 00:16:48,300 use it's stored and monitored online 473 00:16:48,300 --> 00:16:50,339 like can you think about today sitting 474 00:16:50,339 --> 00:16:52,500 here what all information about you 475 00:16:52,500 --> 00:16:54,180 would be online 476 00:16:54,180 --> 00:16:57,839 and when I think about it I am I 477 00:16:57,839 --> 00:17:00,360 basically have no clue and I would not 478 00:17:00,360 --> 00:17:01,980 and I would not blame you because no one 479 00:17:01,980 --> 00:17:03,300 asked you anyway right they just 480 00:17:03,300 --> 00:17:05,520 uploaded it the permission models are 481 00:17:05,520 --> 00:17:07,319 messed so you have a lot of information 482 00:17:07,319 --> 00:17:09,179 whether you believe it or not about you 483 00:17:09,179 --> 00:17:12,000 online and you're being tracked and the 484 00:17:12,000 --> 00:17:14,520 data is being used so that is all I had 485 00:17:14,520 --> 00:17:16,380 to talk about thank you so much for 486 00:17:16,380 --> 00:17:21,079 
attending attending the talk and yeah

487
00:17:22,919 --> 00:17:25,140
Aditi thank you so much

488
00:17:25,140 --> 00:17:26,760
um should we take some questions if you

489
00:17:26,760 --> 00:17:27,900
have the time awesome there's two

490
00:17:27,900 --> 00:17:29,460
microphones in the middle folks uh for

491
00:17:29,460 --> 00:17:31,200
the last time let's uh have some

492
00:17:31,200 --> 00:17:33,440
questions

493
00:17:33,440 --> 00:17:37,200
okay Frontline please

494
00:17:37,200 --> 00:17:39,419
does it work yes

495
00:17:39,419 --> 00:17:41,940
all right so far these pop-up messages

496
00:17:41,940 --> 00:17:44,640
I've considered them to either be a

497
00:17:44,640 --> 00:17:46,080
placebo

498
00:17:46,080 --> 00:17:49,320
or one of the ways Google tries to for

499
00:17:49,320 --> 00:17:52,740
the the competition I'm a bit of a cynic

500
00:17:52,740 --> 00:17:54,419
with the uh

501
00:17:54,419 --> 00:17:58,260
these uh these pop-up questions

502
00:17:58,260 --> 00:17:59,820
so

503
00:17:59,820 --> 00:18:02,340
let's reverse it for a moment which of

504
00:18:02,340 --> 00:18:04,200
the pop-up questions you think actually

505
00:18:04,200 --> 00:18:06,620
work

506
00:18:06,720 --> 00:18:08,340
um can you explain what do you mean by

507
00:18:08,340 --> 00:18:09,780
pop-up questions

508
00:18:09,780 --> 00:18:11,760
the uh the pop-up questions for

509
00:18:11,760 --> 00:18:12,900
permission

510
00:18:12,900 --> 00:18:15,780
the permission boxes okay so which

511
00:18:15,780 --> 00:18:19,340
happens work which ones work

512
00:18:19,799 --> 00:18:21,419
um so

513
00:18:21,419 --> 00:18:23,220
see the intention of having them in the

514
00:18:23,220 --> 00:18:24,720
first place was to provide some sort of

515
00:18:24,720 --> 00:18:26,160
controls what we're talking about is

516
00:18:26,160 --> 00:18:28,080
that they are not enough or there is a

517
00:18:28,080 --> 00:18:30,600
lot which can be worked upon so we had

518
00:18:30,600 -->
00:18:33,539
things like for example initially in

519
00:18:33,539 --> 00:18:35,340
order to access Wi-Fi anyone could have

520
00:18:35,340 --> 00:18:36,840
access to your Wi-Fi and then there was

521
00:18:36,840 --> 00:18:38,820
a study that just based on the Wi-Fi

522
00:18:38,820 --> 00:18:40,860
someone can you know interpret the

523
00:18:40,860 --> 00:18:43,200
location of the person so they made that

524
00:18:43,200 --> 00:18:45,120
in order to access Wi-Fi they added the

525
00:18:45,120 --> 00:18:46,260
condition that you need to declare

526
00:18:46,260 --> 00:18:48,360
location permission right so they are

527
00:18:48,360 --> 00:18:49,919
taking his steps in the direction and I

528
00:18:49,919 --> 00:18:51,120
do believe that if I am giving location

529
00:18:51,120 --> 00:18:52,559
permission it kind of gives me a little

530
00:18:52,559 --> 00:18:55,320
bit more like control around whether my

531
00:18:55,320 --> 00:18:57,539
information is going out or not so I

532
00:18:57,539 --> 00:18:59,100
would say that the ones which are there

533
00:18:59,100 --> 00:19:01,440
do work in some capacity but they are

534
00:19:01,440 --> 00:19:03,120
like still loopholes or things that need

535
00:19:03,120 --> 00:19:04,919
to be addressed because even if you give

536
00:19:04,919 --> 00:19:06,360
the permission it is the first level of

537
00:19:06,360 --> 00:19:08,280
control that works but once the data has

538
00:19:08,280 --> 00:19:09,960
gone out after that what happens to our

539
00:19:09,960 --> 00:19:11,940
data there's a lot of you know scope of

540
00:19:11,940 --> 00:19:13,919
flowing data flowing across which you do

541
00:19:13,919 --> 00:19:16,440
not control so

542
00:19:16,440 --> 00:19:18,720
all right and this is again the cynic in

543
00:19:18,720 --> 00:19:23,660
me how much of this is uh intentional

544
00:19:28,020 --> 00:19:28,679
um

545
00:19:28,679 --> 00:19:31,380
it is intentional in a way that if

546
00:19:31,380 --> 00:19:34,140
you're using Google products uh the

547
00:19:34,140 --> 00:19:36,720
advertising model itself would need uh

548
00:19:36,720 --> 00:19:38,580
you know in order to give you the right

549
00:19:38,580 --> 00:19:40,440
ads they need to profile you but at the

550
00:19:40,440 --> 00:19:42,600
same time they claim that you can um you

551
00:19:42,600 --> 00:19:44,280
know remove the advertising ID or you

552
00:19:44,280 --> 00:19:46,200
have the rights to get off the system

553
00:19:46,200 --> 00:19:48,539
not get personalized ads so the talks we

554
00:19:48,539 --> 00:19:49,620
are talking about like the things we're

555
00:19:49,620 --> 00:19:51,120
talking about here is how effective are

556
00:19:51,120 --> 00:19:52,980
those controls right so the choice

557
00:19:52,980 --> 00:19:54,360
should be there the model is

558
00:19:54,360 --> 00:19:56,460
unfortunately unfortunately advertising

559
00:19:56,460 --> 00:19:58,679
model so it is intentional of course but

560
00:19:58,679 --> 00:20:00,299
then do you have a choice to be off grid

561
00:20:00,299 --> 00:20:02,159
that that choice is something that we

562
00:20:02,159 --> 00:20:03,720
are discussing here

563
00:20:03,720 --> 00:20:05,840
thank you

564
00:20:06,240 --> 00:20:08,280
at first thank you for your talk of

565
00:20:08,280 --> 00:20:09,539
course

566
00:20:09,539 --> 00:20:12,059
um I have too few quick questions first

567
00:20:12,059 --> 00:20:16,200
about the uh sandbox about the modern

568
00:20:16,200 --> 00:20:18,780
Androids with the work profiles like

569
00:20:18,780 --> 00:20:21,059
there are different apps which are able

570
00:20:21,059 --> 00:20:23,580
to sandbox or use the work profile as a

571
00:20:23,580 --> 00:20:25,500
Sandbox I was wondering about the

572
00:20:25,500 --> 00:20:27,720
different permission models like is

573
00:20:27,720 --> 00:20:30,179
there is it as secure as they say or is

574
00:20:30,179 --> 00:20:32,520
there a data being shared between the

575
00:20:32,520 --> 00:20:35,460
work profile and the normal personal

576
00:20:35,460 --> 00:20:37,620
profile

577
00:20:37,620 --> 00:20:39,720
um so I have not worked a lot with work

578
00:20:39,720 --> 00:20:41,220
profiles they have introduced it

579
00:20:41,220 --> 00:20:43,200
recently but based on whatever I've read

580
00:20:43,200 --> 00:20:46,440
in the documentation they have ways in

581
00:20:46,440 --> 00:20:48,179
which you can share information across

582
00:20:48,179 --> 00:20:49,500
but again you have to be explicit about

583
00:20:49,500 --> 00:20:50,700
and then they have some sort of

584
00:20:50,700 --> 00:20:52,400
permission model around it

585
00:20:52,400 --> 00:20:55,140
I think it's logically a separate space

586
00:20:55,140 --> 00:20:56,580
so they have kind of tried to create the

587
00:20:56,580 --> 00:20:58,320
same different users kind of stuff like

588
00:20:58,320 --> 00:20:59,760
you have in Linux another layer on top

589
00:20:59,760 --> 00:21:01,440
of that that you cannot share resources

590
00:21:01,440 --> 00:21:04,080
altogether and when I try to create in

591
00:21:04,080 --> 00:21:05,580
an app and work profile it was actually

592
00:21:05,580 --> 00:21:07,860
difficult to have that communication so

593
00:21:07,860 --> 00:21:09,600
I would say that yeah it does work but

594
00:21:09,600 --> 00:21:10,919
I've not done a thorough study to say

595
00:21:10,919 --> 00:21:13,200
yeah it's fully secure in the way they

596
00:21:13,200 --> 00:21:15,419
are claiming it to be and one last

597
00:21:15,419 --> 00:21:17,880
question is about the global permission

598
00:21:17,880 --> 00:21:21,299
model because some phones have also like

599
00:21:21,299 --> 00:21:23,820
you say like you you cannot declare a

600
00:21:23,820 --> 00:21:25,679
specific permission for the apps like

601
00:21:25,679 --> 00:21:27,240
which apps are installed on your device

602
00:21:27,240 --> 00:21:29,640
but there are global permissions like

603
00:21:29,640 --> 00:21:31,860
allow apps to view other apps installed

604
00:21:31,860 --> 00:21:34,140
on the device if you turn it off no app

605
00:21:34,140 --> 00:21:37,559
will be able to uh to use it okay can

606
00:21:37,559 --> 00:21:39,720
you tell me some more about how these

607
00:21:39,720 --> 00:21:42,299
are these vendor specific or are they

608
00:21:42,299 --> 00:21:47,039
built in hours or like how do they work

609
00:21:47,039 --> 00:21:50,220
um the global permissions yeah I do not

610
00:21:50,220 --> 00:21:52,080
know how to do that's probably not the

611
00:21:52,080 --> 00:21:53,760
official term but they are in the

612
00:21:53,760 --> 00:21:56,640
settings app they are like setting allow

613
00:21:56,640 --> 00:21:59,700
apps to view other apps on your device

614
00:21:59,700 --> 00:22:02,220
or allow apps to know which other apps

615
00:22:02,220 --> 00:22:03,960
are installed on the device that's the

616
00:22:03,960 --> 00:22:05,580
thing which doesn't have a app to app

617
00:22:05,580 --> 00:22:07,440
specific permission but you can turn it

618
00:22:07,440 --> 00:22:08,400
off

619
00:22:08,400 --> 00:22:11,220
oh okay uh so you think that a

620
00:22:11,220 --> 00:22:12,900
particular permission is given to all

621
00:22:12,900 --> 00:22:14,340
different apps and then you can select

622
00:22:14,340 --> 00:22:15,720
which apps have their permission or not

623
00:22:15,720 --> 00:22:18,539
no it's more like there's one setting in

624
00:22:18,539 --> 00:22:21,720
the privacy app like turn off that apps

625
00:22:21,720 --> 00:22:23,700
will be able to view apps installed on the

626
00:22:23,700 --> 00:22:26,760
device and when it's off no app on the

627
00:22:26,760 --> 00:22:28,980
device can view which other apps are

628
00:22:28,980 --> 00:22:31,080
installed on the device oh okay so you're

629
00:22:31,080 --> 00:22:32,820
talking about yeah yeah so the editor

630
00:22:32,820 --> 00:22:34,140
permission I think in after Android 10
631
00:22:34,140 --> 00:22:35,640
or Android 11 where you need to define

632
00:22:35,640 --> 00:22:37,679
the permission in order to see other

633
00:22:37,679 --> 00:22:40,799
apps installed but this thing worked on

634
00:22:40,799 --> 00:22:42,780
the latest model as well and if the

635
00:22:42,780 --> 00:22:44,400
permission so there is some permission

636
00:22:44,400 --> 00:22:46,440
around the extracting the code so from

637
00:22:46,440 --> 00:22:48,000
an app you can also extract the code of

638
00:22:48,000 --> 00:22:51,419
other app that is how usually uh apps

639
00:22:51,419 --> 00:22:53,340
scanning or code scanning tools work on

640
00:22:53,340 --> 00:22:55,559
device so they have added some

641
00:22:55,559 --> 00:22:56,700
restrictions around whether you can

642
00:22:56,700 --> 00:22:58,860
acquire the code the binaries of the

643
00:22:58,860 --> 00:23:00,480
other app through your app but the

644
00:23:00,480 --> 00:23:01,860
package names or the name of the apps

645
00:23:01,860 --> 00:23:04,020
can be attained and and if there was a

646
00:23:04,020 --> 00:23:05,340
permission I think this one worked

647
00:23:05,340 --> 00:23:07,080
without permission but the permission

648
00:23:07,080 --> 00:23:08,760
that they have added also normal so it

649
00:23:08,760 --> 00:23:11,159
would not be taking users uh you know

650
00:23:11,159 --> 00:23:13,980
user won't be shown the prompt to allow

651
00:23:13,980 --> 00:23:16,320
let an app read other apps it will just

652
00:23:16,320 --> 00:23:18,780
work in background I'll show it later

653
00:23:18,780 --> 00:23:21,059
yeah sure let's let's discuss it off

654
00:23:21,059 --> 00:23:22,799
after this

655
00:23:22,799 --> 00:23:24,059
okay

656
00:23:24,059 --> 00:23:26,460
all right uh thank you for the very

657
00:23:26,460 --> 00:23:29,179
interesting talk

658
00:23:29,460 --> 00:23:33,380
is there any way you you could

659
00:23:33,380 --> 00:23:36,780
turn all those permissions off you show

660
00:23:36,780 --> 00:23:40,980
that that even an app which has no

661
00:23:40,980 --> 00:23:43,220
permissions at all

662
00:23:43,220 --> 00:23:46,260
has a lot of permissions anyway

663
00:23:46,260 --> 00:23:51,020
so could you turn off those permissions

664
00:23:51,020 --> 00:23:55,679
for example to delete them from an XML

665
00:23:55,679 --> 00:23:57,659
file

666
00:23:57,659 --> 00:23:58,500
um

667
00:23:58,500 --> 00:24:02,340
because I have no smartphone and that's

668
00:24:02,340 --> 00:24:04,620
yeah and that's and that's that that's

669
00:24:04,620 --> 00:24:07,140
of course a a good way not to be

670
00:24:07,140 --> 00:24:09,059
profiled that way

671
00:24:09,059 --> 00:24:11,940
but it becomes much more difficult uh

672
00:24:11,940 --> 00:24:14,520
time proceeds because uh everyone

673
00:24:14,520 --> 00:24:16,799
expects you to have one

674
00:24:16,799 --> 00:24:17,820
so

675
00:24:17,820 --> 00:24:21,659
is there a way to uh to turn profiling

676
00:24:21,659 --> 00:24:23,220
off

677
00:24:23,220 --> 00:24:26,240
currently no

678
00:24:30,539 --> 00:24:32,640
thanks for your question though um maybe

679
00:24:32,640 --> 00:24:34,140
in addition to the question of the

680
00:24:34,140 --> 00:24:36,120
previous gentleman if you use an open

681
00:24:36,120 --> 00:24:37,919
source Android distribution instead of

682
00:24:37,919 --> 00:24:39,419
the one that comes pre-installed with

683
00:24:39,419 --> 00:24:41,279
your phone would that then solve these

684
00:24:41,279 --> 00:24:43,080
problems or at least improve them or

685
00:24:43,080 --> 00:24:45,419
does that doesn't even matter

686
00:24:45,419 --> 00:24:47,700
I think it depends on if you want to

687
00:24:47,700 --> 00:24:49,500
play around with Android OS you can as

688
00:24:49,500 --> 00:24:51,240
well create yourself like I have known

689
00:24:51,240 --> 00:24:53,640
people taking care of the analytics

690
00:24:53,640 --> 00:24:55,080
module or how the collection happens and
691
00:24:55,080 --> 00:24:56,880
making changes somewhere there and

692
00:24:56,880 --> 00:24:59,700
having a custom OS version like the

693
00:24:59,700 --> 00:25:01,799
vanilla one but blocking certain things

694
00:25:01,799 --> 00:25:03,480
and then it's flashing that on their

695
00:25:03,480 --> 00:25:05,279
mobile and using it to be more secure so

696
00:25:05,279 --> 00:25:07,320
I've seen people doing that uh if you're

697
00:25:07,320 --> 00:25:10,080
using OEMs I think those are even more

698
00:25:10,080 --> 00:25:12,840
bizarre because a lot of OEMs like OEMs

699
00:25:12,840 --> 00:25:15,000
by OEM I mean Samsung and other other

700
00:25:15,000 --> 00:25:17,100
device manufacturers they are coming up

701
00:25:17,100 --> 00:25:19,020
with pre-installed apps right so a bunch

702
00:25:19,020 --> 00:25:21,480
of them more than what you need or what

703
00:25:21,480 --> 00:25:23,700
Android vanilla Android offers a lot of

704
00:25:23,700 --> 00:25:25,860
them are like just custom apps which

705
00:25:25,860 --> 00:25:27,900
actually work or run at the system level

706
00:25:27,900 --> 00:25:29,340
itself seeing everything that you're

707
00:25:29,340 --> 00:25:31,440
doing on device so

708
00:25:31,440 --> 00:25:32,940
um OEM would be like the least

709
00:25:32,940 --> 00:25:35,520
preference building your own Android OS

710
00:25:35,520 --> 00:25:37,200
which will take a bunch of work but

711
00:25:37,200 --> 00:25:38,940
building that and then customizing it is

712
00:25:38,940 --> 00:25:40,320
a good option if you are interested in

713
00:25:40,320 --> 00:25:41,940
that you can do that that will

714
00:25:41,940 --> 00:25:43,559
definitely help or reduce it in some

715
00:25:43,559 --> 00:25:44,940
extent but again you have to be

716
00:25:44,940 --> 00:25:45,960
conscious of the apps that you're

717
00:25:45,960 --> 00:25:48,000
installing right so if the apps itself

718
00:25:48,000 --> 00:25:50,279
is collecting your information uh the

719
00:25:50,279 --> 00:25:51,659
change that you would be doing on kernel

720
00:25:51,659 --> 00:25:53,400
level is restrict them to collect the

721
00:25:53,400 --> 00:25:54,779
information so if you're able to do that

722
00:25:54,779 --> 00:25:57,360
in the source code awesome uh if you're

723
00:25:57,360 --> 00:25:58,679
not then you have to be conscious of the

724
00:25:58,679 --> 00:26:00,299
apps that you're installing all right

725
00:26:00,299 --> 00:26:02,659
thank you okay thank you

726
00:26:02,659 --> 00:26:05,760
uh hello thank you for the wonderful

727
00:26:05,760 --> 00:26:08,820
talk and this is indeed quite scary to

728
00:26:08,820 --> 00:26:11,340
talk about uh to think about I was

729
00:26:11,340 --> 00:26:13,799
wondering uh what's your impression of

730
00:26:13,799 --> 00:26:17,880
the iOS model in that regard I maybe I

731
00:26:17,880 --> 00:26:20,340
have missed the part but personally I've

732
00:26:20,340 --> 00:26:23,700
been quite impressed with like

733
00:26:23,700 --> 00:26:26,039
occasional granularity of permissions

734
00:26:26,039 --> 00:26:28,260
that I have been asked for

735
00:26:28,260 --> 00:26:32,340
yeah so I guess iOS I would say

736
00:26:32,340 --> 00:26:32,940
um

737
00:26:32,940 --> 00:26:34,679
so there's a catch here right anyway if

738
00:26:34,679 --> 00:26:36,779
you're using Google or Apple the first

739
00:26:36,779 --> 00:26:37,919
thing you're doing as soon as you buy

740
00:26:37,919 --> 00:26:39,480
the devices is showing your confidence

741
00:26:39,480 --> 00:26:40,860
in the company so they will be taking

742
00:26:40,860 --> 00:26:42,900
the data for sure but now the question

743
00:26:42,900 --> 00:26:44,400
comes whether the data is just with the

744
00:26:44,400 --> 00:26:46,020
company or is it going with advertisers

745
00:26:46,020 --> 00:26:48,419
or trackers so in iOS I found that they

746
00:26:48,419 --> 00:26:50,640
I think recently they introduced a

747
00:26:50,640 --> 00:26:52,200
feature in their setting in privacy

748
00:26:52,200 --> 00:26:55,380
settings uh to stop tracking from across

749
00:26:55,380 --> 00:26:57,120
all the apps and that has actually made

750
00:26:57,120 --> 00:26:59,400
a lot of other companies who rely on

751
00:26:59,400 --> 00:27:01,200
data really angry because they are not

752
00:27:01,200 --> 00:27:02,820
able to get the right information to

753
00:27:02,820 --> 00:27:05,279
profile and do their work so they have

754
00:27:05,279 --> 00:27:06,840
added that and I actually respect them

755
00:27:06,840 --> 00:27:08,460
for doing that they also have features

756
00:27:08,460 --> 00:27:09,900
like for example in Instagram if you're

757
00:27:09,900 --> 00:27:11,400
sharing photo rather than giving access

758
00:27:11,400 --> 00:27:13,559
to your whole Gallery they ask you to

759
00:27:13,559 --> 00:27:14,880
pick the photos so those are the kind of

760
00:27:14,880 --> 00:27:16,440
controls which can potentially be there

761
00:27:16,440 --> 00:27:18,179
in Android as well but we do not see

762
00:27:18,179 --> 00:27:19,919
them and Android much so my preference

763
00:27:19,919 --> 00:27:21,840
would be a little bit towards iOS not an

764
00:27:21,840 --> 00:27:24,600
official statement though yeah

765
00:27:24,600 --> 00:27:26,100
thank you

766
00:27:26,100 --> 00:27:28,440
I think the approach you're taking with

767
00:27:28,440 --> 00:27:30,480
the uh the app that has no permissions

768
00:27:30,480 --> 00:27:32,340
and seeing what it can do is interesting

769
00:27:32,340 --> 00:27:35,520
and it's shocking to see how many data

770
00:27:35,520 --> 00:27:38,220
points you can still retrieve yeah

771
00:27:38,220 --> 00:27:40,200
um this is a bad point of course for

772
00:27:40,200 --> 00:27:42,960
Androids compared to Linux but on the

773
00:27:42,960 --> 00:27:45,600
other hand if you look at a normal Linux

774
00:27:45,600 --> 00:27:46,740
distribution

775
00:27:46,740 --> 00:27:49,080
it tends to run all
the apps as the same

776
00:27:49,080 --> 00:27:51,059
user with access to all the same data

777
00:27:51,059 --> 00:27:54,179
now if you combined the two and take a

778
00:27:54,179 --> 00:27:56,399
Sandbox on the Linux in which you run

779
00:27:56,399 --> 00:27:58,860
each app in its own sandbox it would be

780
00:27:58,860 --> 00:28:00,299
interesting to see how much information

781
00:28:00,299 --> 00:28:03,419
your app would still report

782
00:28:03,419 --> 00:28:07,080
you might know you can run APK files on

783
00:28:07,080 --> 00:28:09,899
your desktop or on other mobile

784
00:28:09,899 --> 00:28:12,659
operating systems that have a sort of

785
00:28:12,659 --> 00:28:15,539
emulation layer for running APK files it

786
00:28:15,539 --> 00:28:17,100
would be interesting to see how your app

787
00:28:17,100 --> 00:28:19,200
has in that

788
00:28:19,200 --> 00:28:21,240
uh so you think you're talking I did not

789
00:28:21,240 --> 00:28:22,980
fully understand it but is your question

790
00:28:22,980 --> 00:28:24,720
around application sandboxing and

791
00:28:24,720 --> 00:28:26,880
whether that because Android does it in

792
00:28:26,880 --> 00:28:29,159
some ways I'm trying to understand so

793
00:28:29,159 --> 00:28:32,159
instead of taking Androids take a Linux

794
00:28:32,159 --> 00:28:35,279
distribution yeah and a program like

795
00:28:35,279 --> 00:28:38,480
Mbox which can run Android applications

796
00:28:38,480 --> 00:28:41,580
take your application run it in there

797
00:28:41,580 --> 00:28:44,220
and see how much is still revealed

798
00:28:44,220 --> 00:28:46,320
because if you do that you have a

799
00:28:46,320 --> 00:28:48,720
separate sandbox on Linux for every app

800
00:28:48,720 --> 00:28:52,140
yeah I think yes uh that is interesting

801
00:28:52,140 --> 00:28:53,580
there are two questions two things that

802
00:28:53,580 --> 00:28:56,039
come to my mind right now here uh one is

803
00:28:56,039 --> 00:28:58,860
the way so Android
had that as I got in

804
00:28:58,860 --> 00:29:00,539
forking off Zygote because of memory

805
00:29:00,539 --> 00:29:02,760
optimization and like it's a smaller

806
00:29:02,760 --> 00:29:04,980
chip they want to make it work in

807
00:29:04,980 --> 00:29:06,960
Pockets like it is a thing which will be

808
00:29:06,960 --> 00:29:08,159
there and a lot of apps so they have

809
00:29:08,159 --> 00:29:10,200
done optimizations around that right so

810
00:29:10,200 --> 00:29:11,820
it's like all the things that I am

811
00:29:11,820 --> 00:29:13,380
taking are kind of global common

812
00:29:13,380 --> 00:29:15,600
utilities basically the information that

813
00:29:15,600 --> 00:29:17,220
I got from and it's already loaded in

814
00:29:17,220 --> 00:29:19,020
Zygote and it's working on Zygote you

815
00:29:19,020 --> 00:29:21,419
already have that permission right so if

816
00:29:21,419 --> 00:29:23,159
you are trying to completely sandbox it

817
00:29:23,159 --> 00:29:24,840
it might work but it might not be

818
00:29:24,840 --> 00:29:26,760
performant or efficient or might

819
00:29:26,760 --> 00:29:28,799
conflict with the initial ideologies of

820
00:29:28,799 --> 00:29:31,140
why they chose it to be working another

821
00:29:31,140 --> 00:29:32,820
thing is in Android there's a lot of

822
00:29:32,820 --> 00:29:34,200
cross app interaction which is

823
00:29:34,200 --> 00:29:36,000
intentional right like if you're going

824
00:29:36,000 --> 00:29:37,260
to WhatsApp you want to add a contact

825
00:29:37,260 --> 00:29:39,480
you're talking to another app there and

826
00:29:39,480 --> 00:29:40,679
that is intentional that offers Rich

827
00:29:40,679 --> 00:29:42,779
functionality uh and convenience to user

828
00:29:42,779 --> 00:29:46,260
so it cannot completely piece and box is

829
00:29:46,260 --> 00:29:48,419
still right so that is the problem okay

830
00:29:48,419 --> 00:29:51,000
thank you yeah okay I'm sorry but we are

831
00:29:51,000 --> 00:29:53,220
out of time now so I'm afraid no more

832
00:29:53,220 --> 00:29:55,140
questions uh perhaps Aditi would uh

833
00:29:55,140 --> 00:29:57,059
hang around afterwards maybe if folks

834
00:29:57,059 --> 00:29:58,380
have any others

835
00:29:58,380 --> 00:30:00,659
um thank you once again Aditi please for

836
00:30:00,659 --> 00:30:01,919
the last time everyone let's give

837
00:30:01,919 --> 00:30:03,539
Aditi a big round of applause

838
00:30:03,539 --> 00:30:04,470
thank you

839
00:30:04,470 --> 00:30:11,700
[Applause]