Detecting which mobile apps are leaking personal information can be hard. ReCon, a privacy tool developed under the leadership of a Northeastern University computer science professor, helps provide a solution.
ReCon is an app for your phone or tablet that analyzes information from other apps by monitoring network traffic. It automatically scans emails, chats and other information to identify “device/user identifiers used in tracking, geolocation leaks, unsafe password transmissions, and personal information such as name, address, gender, and relationship status,” according to the ReCon developers.
The app displays its findings on a private Web page. Users can also use the page to configure ReCon to block certain types of network communications that are associated with private data leaks.
As the app’s home page notes, this functionality is useful because mobile devices provide no built-in support for identifying sources of data leaks in a centralized way. Unless you study each of your apps individually, it’s hard to determine which ones do things like transmit passwords in plaintext, identify your physical location or share personal data that you don’t want others to see.
Of course, the big caveat is that ReCon sees all of that information and gathers it into a central place. But it’s not as if ReCon does anything to spy on you; it’s just collecting information would already be available to anyone who is eavesdropping on your network data.
One thing ReCon can’t do is identify private data that apps are sharing about you over an encrypted connection, since it doesn’t have access to the data encryption keys. For example, if online ads are uploading information about you in encrypted form to a third-party server, which then decrypts the data, ReCon won’t be able to catch it. For that reason, ReCon isn’t a bullet-proof way of identifying which apps are leaking private data.
All the same, ReCon can be a very helpful tool for gaining insight into what other people can see about you online, and which mobile apps you have to shut down or block to help protect your privacy.
Awesome post.