Beau Kujath is a PhD candidate at Arizona State University, and member of BreakpointingBad. He recently completed his Information Controls Fellowship, working with the Citizen Lab and SocialTIC

Many service providers or telecommunications companies in Central America incentivize users to install their mobile apps through promotions, SMS messages, and practicality. Furthermore, governments in the region have begun developing mobile apps that enable citizens to access essential services, such as tax management systems and healthcare services.

Collaborating with information security experts in the area, Beau and his research partners identified a concise selection of impactful applications, which were thoroughly examined for security threats and potential privacy concerns that could impact the average user who is incentivized to have one installed on their personal device.

During the fellowship, Beau formulated a set of threat classes to evaluate each analyzed app against. He then reported the findings from each app, including the disclosure of two vulnerabilities to the respective app developers. He also compiled an organized list of steps that an information security professional could follow to investigate any similar mobile app through both dynamic and static analysis, and created a public Github repository with tools and instructions for individuals interested in analyzing an app (APK) in a similar manner.

Full project details, findings, and repo