Home > Articles

  • Print
  • + Share This
This chapter is from the book

8.4 Online Privacy Threats

As with any other area of privacy, the first step in developing privacy by design and privacy engineering solutions for online privacy is to define the threats to online privacy. This section looks at these threats in the two areas covered by this chapter: web application privacy and mobile app privacy.

Web Application Privacy

The Open Web Application Security Project (OWASP) Top 10 Privacy Risks Project provides a list of the top privacy risks in web applications. The goal of the project is to identify the most important technical and organizational privacy risks for web applications, from the perspectives of both the user (data subject) and the provider (data owner). The risks are:

  • Web application vulnerabilities: Failing to suitably design and implement an application, detect a problem, or promptly apply a fix (patch), which is likely to result in a privacy breach. Vulnerability is a key problem in any system that guards or operates on sensitive user data.

  • User-side data leakage: Failing to prevent the leakage of any information containing or related to user data, or the data itself, to any unauthorized party resulting in loss of data confidentiality. Leakage may be introduced due to either intentional malicious breach or unintentional mistake (e.g., caused by insufficient access management controls, insecure storage, duplication of data, or a lack of awareness).

  • Insufficient data breach response: Not informing the affected persons (data subjects) about a possible breach or data leak, resulting either from intentional or unintentional events; failure to remedy the situation by fixing the cause; not attempting to limit the leaks.

  • Insufficient deletion of personal data: Failing to delete personal data effectively and/or in a timely fashion after termination of the specified purpose or upon request.

  • Non-transparent policies, terms, and conditions: Not providing sufficient information describing how data are processed, such as their collection, storage, and processing. Failure to make this information easily accessible and understandable for non-lawyers.

  • Collection of data not required for the primary purpose: Collecting descriptive, demographic, or any other user-related data that are not needed for the purposes of the system. Applies also to data for which the user did not provide consent.

  • Sharing of data with third party: Providing user data to a third party without obtaining the user’s consent. Sharing results either due to transfer or exchanging for monetary compensation or otherwise due to inappropriate use of third-party resources included in websites, such as widgets (e.g., maps, social networking buttons), analytics, or web bugs (e.g., beacons).

  • Outdated personal data: Using outdated, incorrect, or bogus user data and failing to update or correct the data.

  • Missing or insufficient session expiration: Failing to effectively enforce session termination. May result in collection of additional user data without the user’s consent or awareness.

  • Insecure data transfer: Failing to provide data transfers over encrypted and secured channels, excluding the possibility of data leakage. Failing to enforce mechanisms that limit the leak surface (e.g., allowing to infer any user data out of the mechanics of web application operation).

Table 8.2 shows the results of an OWASP survey of privacy and security experts that estimates the frequency and impact of each of the 10 privacy risks.

TABLE 8.2 Web Application Privacy Risks

Privacy Risk

Frequency

Impact

Web application vulnerabilities

High

Very high

Operator-sided data leakage

High

Very high

Insufficient data breach response

High

Very high

Insufficient deletion of personal data

Very high

High

Non-transparent policies, terms, and conditions

Very high

High

Collection of data not required for the primary purpose

Very high

High

Sharing of data with third party

High

High

Outdated personal data

High

Very high

Missing or insufficient session expiration

Medium

Very high

Insecure data transfer

Medium

Very high

Mobile App Privacy

Privacy threats related to mobile apps fall into two categories: threats that exploit vulnerabilities in apps that are not themselves malicious and threats related to the installation of malicious apps.

Threats Against Vulnerable Applications

Legitimate mobile apps may be vulnerable to a number of privacy and security threats, typically due to poor coding practices used in app development or underlying vulnerabilities in the mobile device operating system. Consider the following threats against vulnerable applications, encompassing both privacy and security threats [DHS17]:

  • Insecure network communications: Network traffic needs to be securely encrypted to prevent an adversary from eavesdropping. Apps need to properly authenticate the remote server when connecting to prevent man-in-the-middle attacks and connection to malicious servers.

  • Web browser vulnerabilities: Adversaries can exploit vulnerabilities in mobile device web browser applications as an entry point to gain access to a mobile device.

  • Vulnerabilities in third-party libraries: Third-party software libraries are reusable components that may be distributed freely or offered for a fee to other software vendors. Software development by component or modules may be more efficient, and third-party libraries are routinely used across the industry. However, a flawed library can introduce vulnerabilities in any app that includes or makes use of that library. Depending on the pervasiveness of the library, its use can potentially affect thousands of apps and millions of users.

  • Cryptographic vulnerabilities: Cryptographic vulnerabilities can occur due to failure to use cryptographic protections for sensitive data, due to the improper implementation of a secure cryptographic algorithm, or due to the use of a proprietary cryptographic technique that can be more easily cracked than those validated and recommended for use by NIST.

Threats from Potentially Harmful Applications

Harmful applications are designed to gather or compromise sensitive information. Consider the following examples [DHS17]:

  • Apps that gather privacy-sensitive information: These are malicious apps that can collect information such as device persistent identifiers, device location, list of installed applications, contact lists, call logs, calendar data, or text messages without adequate consent of the user.

  • Surreptitious eavesdropping: These apps access device sensors to eavesdrop or photograph the user or others.

  • Exploiting vulnerabilities: Apps may be designed to take advantage of vulnerabilities in other apps, the operating system, or other device components, despite the isolation capabilities of the mobile OS.

  • Manipulation of trusted apps: These apps masquerade as benign (and often popular) applications. Downloaded unwittingly by a user, such an app then performs any number of malicious activities without the user’s awareness. Some effectively mimic the real app’s behavior on the surface, making it difficult for users to recognize the risks to which they are exposed.

  • Sharing of data between trusted apps: Apps may share data with external resources, such as Dropbox, without the user’s awareness.

A useful source of information on both threats against vulnerable apps and threats from potentially harmful apps is the Mobile Threat Catalogue maintained by NIST (https://pages.nist.gov/mobile-threat-catalogue).

  • + Share This
  • 🔖 Save To Your Account