Mallory Used to Discover Apps are Watching You
There is a good bit of discussion today regarding privacy and mobile applications. Specifically, the folks at Veracode ripped apart Pandora for Android and made some interesting discoveries. This research was spurred by this WSJ article: Mobile-App Makers Face U.S. Privacy Investigation. Referenced in the most recent WSJ article is an older article regarding research performed on a much larger group of applications: Your Apps Are Watching You. Digging a little deeper WSJ discloses their methodology used for their December research. If you read to the very last line of the methodology the article says, “He used an open-source tool called “Mallory” to decrypt encrypted data.”.
So, what is my point? That you should get to know Mallory. Intrepidus Group is actively working on the next release of Mallory to include many enhancements aimed at usability and making it a more comprehensive testing tool that makes it easy to perform research, such as that conducted by the WSJ. You can follow our active development at our Mallory Bitbucket repository. We plan to unveil a new release at SOURCE Boston where Raj and I will be giving a talk on a bevy of new features for both developers and security professionals alike.
Post a comment or leave a trackback: Trackback URL.
