Monday, March 02, 2015

Visualizations of Phishing Emails

I've been collecting all phishing emails that have come into my inbox since 2010. I thought it would be fun to create some simple visualizations, to look for interesting patterns.

Below is a wordle of 95 different Nigerian email scams. These are the scams where the sender of the email has a business proposition for you, with millions of dollars in a bank or secret fund, and they need your help getting it out. You can see several prominent words, like bank, money, contact, and fund. You can also see that these scammers are quite polite, with please being a common word too.


Surprisingly, I only got 16 reply-to phishing emails. These are the ones where the scammer asks you to fill out your account information in the email, like your account name and password. Nothing too surprising here.  

The largest set was 160 general phishing attacks, ones where the scammer tries to trick you into clicking a link or opening an attachment. You can see that these scammers are quite polite, with please being pretty prominent. Like the reply-to phishing attacks above, you can see that an email that mentions your account or wants you to click on a link is a good signal that it may be a phishing attack.  

Below is a wordle that combines all of the above emails, if you want to share with others or print out.

I also created a word tree visualization using the service on Jason Davies' site. You can see the interactive version of all of the phishing emails here. You can see the most common opening for these phishing emails, and again, scammers are quite polite.
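To make concrete what the wordle and the word tree are computing, here is a small Python script added as an example (it is not code from the original post, nor from Jason Davies' word tree service). It counts word frequencies across a corpus (the wordle's input), tallies the most common opening phrase (what a word tree roots on), and turns the observation above into a simple check: does a message mention your account or ask you to click a link? The five sample emails, the stopword list and the list of signal words are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample messages standing in for the collected phishing emails
# (they are not messages from the original post); kept short on purpose.
SAMPLE_EMAILS = [
    "Dear friend, I am the manager of a bank and I need your help to move "
    "a fund of 12 million dollars. Please contact me.",
    "Dear friend, please contact me regarding the fund in our bank. "
    "Your help is needed and the money will be shared.",
    "Dear customer, your account has been suspended. Please click the link "
    "to verify your account details.",
    "Dear user, please click here to confirm your account. "
    "Your account will be closed otherwise.",
    "Attention: your mailbox is full. Please reply with your account name "
    "and password to keep your account.",
]

# Function words left out of the frequency count, as a wordle would do.
STOPWORDS = {
    "the", "a", "an", "i", "to", "of", "and", "is", "in", "me", "my", "your",
    "you", "our", "will", "be", "am", "with", "has", "been", "it", "or", "on",
    "for", "this", "that", "here",
}

# Words the post singles out as a phishing signal ("account", "click a link");
# the exact list is an assumption made for this example.
SIGNAL_WORDS = {"account", "password", "click", "link", "verify", "suspended"}


def tokenize(text):
    """Lower-case the text and split it into alphanumeric word tokens."""
    return re.findall(r"[a-z0-9']+", text.lower())


def word_frequencies(emails):
    """Corpus-wide word counts with stopwords removed (what a wordle sizes)."""
    counts = Counter()
    for email in emails:
        counts.update(w for w in tokenize(email) if w not in STOPWORDS)
    return counts


def common_openings(emails, n=2):
    """Count the first n words of each email (the root branches of a word tree)."""
    return Counter(" ".join(tokenize(email)[:n]) for email in emails)


def phishing_signals(text):
    """Sorted list of the signal words present in one email."""
    return sorted(SIGNAL_WORDS.intersection(tokenize(text)))


def count_flagged(emails):
    """Number of emails carrying at least one signal word."""
    return sum(1 for email in emails if phishing_signals(email))


if __name__ == "__main__":
    for word, count in word_frequencies(SAMPLE_EMAILS).most_common(5):
        print(f"{word:<10} {count}")
    print(common_openings(SAMPLE_EMAILS).most_common(3))
    print(f"{count_flagged(SAMPLE_EMAILS)} of {len(SAMPLE_EMAILS)} flagged")
```

On the constructed corpus, "account" and "please" come out on top and "dear friend" is the most common opening, which mirrors the pattern in the wordles above; the Nigerian-scam samples carry none of the signal words, so a keyword check like this catches only the credential-phishing style of message, not the business-proposition style.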




Saturday, February 21, 2015

Notes on Running the Mobisys 2015 Program Committee

Marco Gruteser and I recently finished co-chairing the Mobisys 2015 technical program committee. Some of the TPC members said that it was the best run, least stressful program committee that they had been on, and were amazed that we were able to discuss over 60 papers.

I thought it would be good to share what tools and processes we used to keep things running smoothly, to help other program committees.
  • We allocated NNN minutes of discussion per paper (this will vary depending on PC size and the number of papers to discuss). Basically, take the total amount of time and divide it by the number of papers to discuss, subtracting 1-2 minutes per paper as slack time.
  • We used the iPad app Lightning Talk to keep track of time (thanks to Jenna Date for pointing me to this app).
  • On the projector, we displayed which paper we were discussing and who the conflicts were. This helped speed up getting conflicted members out of the room. Here is a shortened version of the slides. (Thanks to Morley Mao and Landon Cox for this idea.)
  • Conveniently, if you print these slides 6 to a page, they are roughly post-it size. We taped each slide to a post-it, making it easier to see what the decisions were for each paper. See the picture below for how we used these post-its (note that we blurred out information about most papers in the picture). We had 4 categories: Accept, Weak Accept, Maybe Accept, and Reject.
  • We started the TPC meeting by discussing the strongest papers and then the weakest papers, to help the PC calibrate on the remaining papers.
  • We assigned a discussion lead for each paper, typically the most positive reviewer. Each lead was asked to start with a 2 minute summary, and then we moved on to discussion from the other reviewers.
  • We asked committee members to be decisive about making decisions within the NNN minute period. Several days before the meeting, we also asked TPC members to discuss online the papers for which there was not a clear consensus. This approach helped with faster decision making.
  • If a paper was a clear accept or reject after a few minutes, we cut off discussion to keep moving forward. This gave us more time for the papers that needed it.

Saturday, November 29, 2014

PrivacyGrade is out

PrivacyGrade.org is our web site that presents our privacy analysis of a million Android smartphone apps. It's a deeper and broader analysis of apps beyond the previous blog posts on this site.

Friday, November 30, 2012

Analysis of Most Unexpected Permissions for Android Apps

Our team has been analyzing Android apps for unusual behaviors, using crowdsourcing techniques to find differences between what people expect an app to do and what an app does in reality.

Here are the top 10 most unexpected permissions, based on our crowdsourcing approach to analyzing the behavior of Android apps. Each circle represents the level of surprise people had for each permission (N=20). For example, a vast majority of people (95%) were surprised that Brightest Flashlight used location data, but no one (0%) was surprised that Google Maps did so. Here, we use level of surprise as one measure of privacy. If people aren't surprised, then from our perspective it's less of a privacy issue, since people have some level of informed consent. On the other hand, if lots of people are surprised, then we have a potential privacy issue at hand.
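The aggregation behind those percentages is simple enough to show in full. The Python below is an added example (not the research team's code or data): it takes one yes/no answer per crowd worker for each (app, resource) pair, computes the percent surprised, ranks pairs and apps by that score, and flags pairs above a threshold as potential privacy issues. The responses are constructed so that the rates reproduce the numbers quoted in this post (Brightest Flashlight 95%, Google Maps 0%, N=20); the 50% threshold and the margin-of-error helper are assumptions added for the example, not part of the study.

```python
import math
from collections import defaultdict

# Constructed survey responses, not the authors' dataset: each entry is one
# crowd worker's answer to "Does it surprise you that <app> uses <resource>?".
# Surprised counts are chosen so the rates match the figures quoted in the post.
N = 20


def make_responses(app, resource, surprised_count):
    """N answers for one (app, resource) pair, surprised_count of them 'yes'."""
    return [{"app": app, "resource": resource, "surprised": i < surprised_count}
            for i in range(N)]


RESPONSES = (
    make_responses("Brightest Flashlight", "Location", 19)   # 95% surprised
    + make_responses("Brightest Flashlight", "Device ID", 19)
    + make_responses("Google Maps", "Location", 0)           # 0% surprised
    + make_responses("Angry Birds", "Location", 16)          # 80% surprised
    + make_responses("Shazam", "Device ID", 12)              # 60% surprised
)


def surprise_rates(responses):
    """{(app, resource): percent of respondents who were surprised}."""
    total = defaultdict(int)
    surprised = defaultdict(int)
    for r in responses:
        key = (r["app"], r["resource"])
        total[key] += 1
        surprised[key] += int(r["surprised"])
    return {key: 100.0 * surprised[key] / total[key] for key in total}


def rank_by_surprise(responses):
    """(app, resource) pairs from most to least surprising; ties broken by name."""
    return sorted(surprise_rates(responses).items(),
                  key=lambda kv: (-kv[1], kv[0]))


def most_unexpected_per_app(responses):
    """The single most surprising resource use for each app (the top-10 view)."""
    best = {}
    for (app, resource), pct in rank_by_surprise(responses):
        best.setdefault(app, (resource, pct))
    return best


def potential_privacy_issues(responses, threshold=50.0):
    """Pairs where at least `threshold` percent were surprised (threshold assumed)."""
    return [key for key, pct in rank_by_surprise(responses) if pct >= threshold]


def margin_of_error(pct, n=N, z=1.96):
    """Normal-approximation 95% margin, in percentage points, for a rate from n answers."""
    p = pct / 100.0
    return 100.0 * z * math.sqrt(p * (1 - p) / n)


if __name__ == "__main__":
    for (app, resource), pct in rank_by_surprise(RESPONSES):
        print(f"{pct:5.1f}%  +/-{margin_of_error(pct):4.1f}  {app} / {resource}")
    print("flagged:", potential_privacy_issues(RESPONSES))
```

The margin-of-error helper is the caveat to keep in mind when reading a ranking built from 20 answers per pair: at 80% surprised the normal approximation gives roughly plus or minus 17.5 percentage points, so neighbouring entries in a top-10 list are often not distinguishable, even though the gap between Brightest Flashlight and Google Maps clearly is.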


Here is the top 10 list in text form, with links to more analysis where available.

  1. Brightest Flashlight
  2. Toss It
  3. Angry Birds
  4. Talking Tom Free
  5. Backgrounds HD Wallpapers
  6. Dictionary.com
  7. Mouse Trap
  8. Horoscope
  9. Shazam
  10. Pandora


Note that some of these uses, while rated unusual, were actually perceived as legitimate once it was explained how the data was used. For example, the Dictionary.com app uses location for finding words that others near you are searching for, rather than for ads or other purposes. In our work, we also found that people were generally ok with this usage once it was made clear to them.

In the short-term, the main thrust of our research is to help people understand these kinds of unusual behaviors of apps, as well as increase transparency. It's worth pointing out too that a lot of this information seems to be used for advertising rather than malicious purposes (though it obviously depends on your definition of malicious). In the long-term, we need better policies and best practices around this kind of data collection, as well as better ways of helping developers create sustainable business models that also respect privacy. 

Note that this list is based on the top 100 most popular Android apps around December 2011, so some things may have changed since then.


-------------------


Below is an analysis of the Top 10 Most Downloaded Android apps, showing the level of surprise for each. For example, for Angry Birds, we found that 80% of people (N=20) were surprised that it used location at all, whereas for Google Maps, 0% of people were surprised.

Here is the same list in text format, with links to more analysis for apps that we have probed in more depth.
  1. Facebook
  2. Google Maps
  3. Angry Birds
  4. Pandora
  5. KakaoTalk Messenger
  6. Bubble Blast
  7. Paradise Island
  8. Handcent SMS
  9. Adobe Flash Player
  10. Tap Fish
You can also read more about our research here (PDF). This work was done by Jialiu Lin, Shah Amini, myself (Jason Hong), and Norman Sadeh. This work is also funded in part by the National Science Foundation, Google, and the Army Research Office.

Analysis of Brightest Flashlight Free for Android


GoldenShores Technologies, LLC
Category: Tools
Price: Free
Description
Brightest Flashlight Free - Turns on all available lights.
Brightest Flashlight App – Free of Charge
* Turns on all available lights on the device
* Camera Flash LED at Maximum
* Screen at Bright Maximum
* Keyboard Backlight at Maximum
* Soft Keys Backlight at Maximum


Resource
Used by
Description
Device ID
Mobile ad optimization and tracking
Targeted mobile advertising
Mobile ads, analytics, ad exchange
Location
Mobile ad network aggregator
App analytics
Targeted mobile advertising
Mobile ads, analytics, ad exchange
Other 3rd-party libraries app uses
Mobile ad network


Privacy Analysis
Description

· 95% of people were surprised Brightest Flashlight Free uses your unique Device ID
· 95% of people were surprised Brightest Flashlight Free uses your location



Analysis of Horoscope for Android

Horoscope.fr
Category: Lifestyle
Price: Free

Description:
Check your complete horoscopes for today, tomorrow and much more!
Horoscope: The official Horoscope from horoscope.fr now available on your Android phone! 100% FREE, 100% PRO!

Resource                           | Used by | Description
-----------------------------------|---------|-------------------------
Device ID                          |         | Used for indexing users
Location                           |         | App analytics
Other 3rd-party libraries app uses |         |

Privacy Analysis:
· 80% of people were surprised Horoscope uses your unique Device ID
· 80% of people were surprised Horoscope uses your location



Analysis of Shazam for Android

Shazam Entertainment Limited
Category: Music & Audio
Price: Free

Description:
Hear a song you don't know? Shazam identifies it instantly. Free and Unlimited.
Faster tagging. Now discover, explore and share more music, TV shows and brands you love in as little as one second.

Resource                           | Used by | Description
-----------------------------------|---------|---------------------------------
Device ID                          |         | Used for indexing users
Location                           |         | Mobile ad optimization
Location                           |         | Mobile ads and campaigns
Location                           | Shazam  | Owner of app, for tagging songs
Other 3rd-party libraries app uses |         |

Privacy Analysis:
· 60% of people were surprised Shazam uses your unique Device ID
· 80% of people were surprised Shazam uses your location



Analysis of Talking Tom Free for Android

Outfit 7
Category: Entertainment
Price: Free

Description:
Tom is your pet cat, that responds to your touch and repeats everything you say.
★★★ A Cat That Talks? ★★★
Talking Tom repeats everything you say with a funny voice. You can pet him, poke him, you can even grab his tail.

Resource                           | Used by | Description
-----------------------------------|---------|-------------------------
Device ID                          |         | Used for indexing users
Other 3rd-party libraries app uses |         | --


Analysis of Backgrounds HD Wallpapers for Android

Stylem Media
Category: Entertainment
Price: Free

Description:
Backgrounds - more than 10,000 Wallpapers, Add your own Photo and customize!
10,000 awesome unique designs.
New Backgrounds added daily.

Resource                           | Used by | Description
-----------------------------------|---------|----------------------------------------------
Contact                            |         | Used internally for assigning contact photos
Device ID                          |         | Used for indexing users
Other 3rd-party libraries app uses |         | --

Privacy Analysis:
· 60% of people were surprised Backgrounds HD Wallpapers uses your unique Device ID
· 90% of people were surprised Backgrounds HD Wallpapers uses your contact list



Analysis of Toss It for Android

MeetMe.com
Category: Casual
Price: Free

Description:
Toss a ball of crumpled paper into a waste bin. Surprisingly addictive!
Join the MILLIONS of Android gamers already playing Toss It, the most addictive casual game on the market -- FREE!

Resource                           | Used by    | Description
-----------------------------------|------------|-------------------------------
Device ID                          |            | Targeted mobile advertising
Device ID                          |            | Virtual currency, social games
Device ID                          | Myyearbook | Former name of MeetMe.com
Location                           |            | Mobile ad network
Location                           |            | Mobile ad network aggregator
Location                           |            | App analytics
Location                           | Myyearbook | Former name of MeetMe.com
Other 3rd-party libraries app uses |            |

Privacy Analysis:
· 60% of people were surprised Toss It uses your unique Device ID
· 95% of people were surprised Toss It uses your location