Automated reverse-engineering and auditing of mobile apps
Privacy intrusive apps has been in the news lately and it’s clear that a lot of people don’t know what the apps on their phone actually do. The goal of this Hackathon is to create an embryo for a service that create a privacy score for apps based on reverse-engineering and static code analysis to check for specific API-calls and (tracking) libraries.
The Hackathon will be inspired by the design sprint where the idea, design and prototype(s) will be explored and developed together and in smaller teams.
The overall question we want to answer is “What can we do to expose the privacy intrusion of individual mobile apps and help people make conscious decisions if an app is worth installing” and in the long run to raise the awareness and influence app developers to make apps that respects user privacy.
Normally a design sprint is 5 days, since we want to do it in 2.5h we’ll have to cut a lot of corners.
The agenda will be something like this:
- Quick intro to the goal
- Interview áka “Ask the expert” where we sit down in a group and narrow down the solution and identify possible obstacles
- Map - Identify actors and actor goals
- Here we have to split the group into UI and Tech
|- Sketch - We sketch different “concepts” as 1 big + crazy eights
- Decide on one concept and create a storyboard of all screens and actions
- Prototype (on paper or a mock/real UI)
|- Design/discuss the different technical obstacles and solutions
- Sync interface with UI team
- Discuss next steps
To join this Hackathon you should have relevant experience in any of the following fields:
- Android/iOS reverse-engineering
- Static code analysis or similar
- UX-/UI-design and/or frontend development
- Backend development
- How to isolate somewhat dangerous server side code (think running hackish tools with user-input binary blobs and protect against things like zipbombs, file hijacking and command injection)
The goal is to have prototypes of the UX and a rudimentary privacy score algorithm using reverse engineering and static analysis. All work will be published open source and hopefully people will continue to work on the project to get a working service up and running.
17.30-18.00 Pre-event mingle 18.00-18.15 Introduction to the objective 18.15-20.30 Mini design sprint 20.30-21.00 Demo and next steps
Code of Conduct
Please read our Code of Conduct before attending the event.
When and where
When: May 16th, 2019, 17.30 (door closes at 18.00)
Where: Regeringsg. 30, Stockholm. Follow the 0xFF-signs, 4th floor, “Convendum”. OpenStreetMap
The event is free of charge but the number of seats are limited.
The registration is now closed.