Have you ever wanted to know what your phone is up to?
Good, then this article is for you.
Phones are locked down so you don’t have to worry about what’s going on under the hood. That’s great if you want a device that
Just Works, and it’s the exact opposite if you’re the kind of person that worries about what it might be up to – like me.
Fortunately, if you have a bit of time and some technical skills, there are some simple ways to see what your apps are up to.
One of the things I worry about is oversharing – apps sending out more data than they need to, or transmitting data in insecure ways – such as using unencrypted HTTP requests instead of HTTPS.
My concerns led me to do some network analysis on popular Android apps, following the methodology set out in the OWASP
Mobile Security Testing Guide.
I’ll tell you what I did, what I discovered and how you can do it to.