Secure Systems Engineering, Spring 2024

Lab 4

Please read this description in its entirety before starting the lab!

Introduction

In today’s hyper-connected world, our smartphones have become an extension of ourselves. But how much personal information resides within our devices? In this lab, we will explore privacy in the context of our smartphones: how apps and services collect your data and, most importantly, how to take control of it.

Learning objectives

In this lab, you will:

Helpful resources

Lab setup

We will need to use smartphones for this lab. If you do not have a smartphone (or did not bring it to class), use another group member’s smartphone. If none of you have a smartphone, please see the instructor.

Part 1: Your data

We are first going to investigate the types of privacy options available on your phone. Open up your phone’s Settings, and go to the Privacy section.

Discuss the following questions with your group. Then, type up your responses.

  1. What kinds of data do you have control over? Do you and your group members have control over the same types of data?
  2. Are you surprised at any of the data sources? Why or why not?
  3. Why does your phone have so much data?
  4. Include a screenshot of each of your phones’ Privacy settings. Feel free to redact/censor any personal information.

Part 2: Location data

Next, we will take a look at how location data is used in particular. Open your phone’s Location privacy settings.

Discuss the following questions with your group. Then, type up your responses.

  1. How many apps have you given permissions for location data?
  2. What kinds of location data have you given your apps?
  3. How much control do you have over core system services using your location?
  4. How many apps do you think store your location in the cloud?
  5. Include a screenshot of each of your phones’ Location privacy settings. Feel free to redact/censor any personal information.

Part 3: End-to-end privacy

We will take a step back from our phones, and take a look at the services that we use via our phones. Look through the messaging and social media apps you have downloaded.

Discuss the following questions with your group. Then, type up your responses.

  1. What messaging apps does each of you have?
  2. Which of them are end-to-end encrypted, and how many of them have cloud storage? You may have to do some outside research to answer this question.
  3. What social media apps does each of you have?
  4. How old is your earliest post on each app?

Part 4: Social networks

Pick a specific social network app on your phone. This can be an app traditionally considered social media, such as Facebook, X (Twitter), Instagram, or TikTok, or it can be an app with social features, such as Venmo or Steam. Open the app, and navigate to its Privacy settings. Each group member should pick a different app.

Discuss the following questions with your group. Then, type up your responses.

  1. How easy was it to get to the Privacy settings for each of your chosen apps?
  2. With how many people are you sharing your individual posts on each app?
  3. What could a public (not a friend) user on the app find out about you?
  4. Include a screenshot of each of your chosen apps’ Privacy settings. Feel free to redact/censor any personal information.

Part 5: Signal

Finally, we’ll take a look at Signal. Go to https://signal.org/install on your phone to download and install the Signal app. Add your group project members on Signal. Play around with the app, and try to send some messages. Consider using Signal to coordinate for your group project!

Discuss the following questions with your group. Then, type up your responses.

  1. What features did you see in Signal?
  2. How was using Signal different from traditional, cloud-based messaging apps?
  3. Was the cryptography involved evident?

What to turn in

Upload the following to Blackboard before the due date above:

Only one submission per group is necessary. Blackboard is set up with your project groups for this lab.