BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Android App Usage and Cell Tower Location: Private. 
 Sensitive.\n   Available to Anyone?\n   When: Friday\, Aug 9\, 15:00 - 15:
 45 PDT\n   Where: LVCC West/Floor 1/Hall 1/Track 4 - [1]Map\n\n   Descript
 ion:\n\n   Do you consider the list of mobile apps you use and the frequen
 cy at\n   which you use them private information? What about the GPS coord
 inates\n   of the cell towers to which your smartphone connects? The Andro
 id\n   framework restricts third-party apps from freely obtaining this\n  
  information – unless the user explicitly grants the app access.\n   And
 roid is a diverse ecosystem that comes with many benefits\, but\n   device
  vendors can still unintentionally expose app usage and device\n   locatio
 n in a variety of ways. We uncover privacy leaks of both types\n   of data
 \, where pre-loaded vendor software exposes app usage and\n   location to 
 co-located software. We also explore various local\n   exposures of this d
 ata\, where it is leaked to resources that do not\n   require any special 
 permissions or privileges to access.\n\n   We discovered these leakages ac
 ross several major vendors\, including\n   Samsung\, Nokia\, Transsion bra
 nds (i.e.\, Tecno\, Infinix\, and Itel)\, and\n   additional vendors that 
 utilize a pre-installed Qualcomm app for\n   performance monitoring. We co
 ver each of these exposures in detail.\n   App usage reveals the subset of
  the apps that the user actually\n   interacts with\, which can be collect
 ed\, combined with location data\,\n   and analyzed for advertising\, prof
 iling\, and establishing user\n   pattern-of-life.\n\n     1. [2]link\n\n 
     2. [3]link\n\n     3. [4]link\n\n     4. [5]link\n\n     5. [6]link\n\
 n     6. [7]link\n\n     7. [8]link\n\n     8. [9]link\n\n     9. [10]link
 \n\n     10. [11]link\n\n     11. [12]link\n\n     12. [13]link\n\n     13
 . [14]link\n\n     14. [15]link\n\n     15. [16]link\n\n     16. [17]link\
 n\n     17. [18]link\n\n     18. [19]link\n\n     19. [20]link\n\n     20.
  [21]link\n\n     21. [22]link\n\n     22. [23]link\n\n     23. [24]link\n
 \n     24. [25]link\n\n     25. [26]link\n\n   SpeakerBio:  Ryan Johnson\,
  Senior Director\, R&D at Quokka\n\n   Dr. Ryan Johnson is a Senior Direct
 or\, R&D at Quokka (formerly\n   Kryptowire). His research interests are s
 tatic and dynamic analysis of\n   Android apps and reverse engineering. He
  is a co-founder of Quokka and\n   has presented at DEF CON\, Black Hat (U
 SA\, Asia\, & MEA)\, IT-Defense\,\n   and @Hack. His research in Android s
 ecurity has been assigned dozens\n   of CVEs and is responsible for discov
 ering the Adups spyware that\n   affected millions of Android smartphones.
 \n\n   '\n\n   1. #LVCCW_Level1_Hall1\n   2. https://developer.android.com
 /develop/sensors-and-location/location/permissions#accuracy\n   3. https:/
 /developer.android.com/training/package-visibility\n   4. https://support.
 google.com/googleplay/android-developer/answer/10158779\n   5. https://dev
 eloper.android.com/reference/android/app/ActivityManager#getRunningTasks\n
    6. https://android.googlesource.com/platform/frameworks/base/+/2d7576b%
 5E!/\n   7. https://android.googlesource.com/platform/frameworks/base/+/re
 fs/heads/android14-platform-release/core/res/AndroidManifest.xml#3080\n   
 8. https://medium.com/@amir.ghm/a-deep-dive-to-get-the-top-activity-name-o
 f-currently-running-application-in-android-50e5f17f47d5\n   9. https://dev
 eloper.android.com/reference/android/telephony/TelephonyManager#getAllCell
 Info\n   10. https://developer.android.com/reference/android/telephony/Tel
 ephonyManager#getCellLocation\n   11. https://opencellid.org/\n   12. http
 s://www.idc.com/getdoc.jsp?containerId=prUS52032524\n   13. https://gs.sta
 tcounter.com/vendor-market-share/mobile\n   14. https://source.android.com
 /\n   15. https://www.counterpointresearch.com/insights/global-smartphone-
 ap-market-share/\n   16. https://en.wikipedia.org/wiki/Transsion\n   17. h
 ttps://www.simo.co/about-us\n   18. https://play.google.com/store/apps/det
 ails?id=com.skyroam.app\n   19. https://apkpure.com/simo-global-local-inte
 rnet/com.skyroam.app/download\n   20. https://www.quokka.io/blog/vsim-vuln
 erability-within-simo-android-phones-exposed\n   21. https://7561470.fs1.h
 ubspotusercontent-na1.net/hubfs/7561470/QKKA_Resources/Security%20Analysis
 %20of%20Simo%E2%80%99s%20vSIM%20Android%20Software_Academic%20Paper.pdf\n 
   22. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41848\n   23
 . https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41850\n   24. ht
 tps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41849\n   25. https:
 //www.idc.com/promo/smartphone-market-share\n   26. https://developer.andr
 oid.com/reference/android/provider/Settings\n\n\n
DTEND:20240809T224500Z
DTSTART:20240809T220000Z
LOCATION:DC - LVCC West/Floor 1/Hall 1/Track 4
SUMMARY:Android App Usage and Cell Tower Location: Private. Sensitive. Avai
 lable to Anyone?
END:VEVENT
END:VCALENDAR