Sana Habib is an Information Controls Fellow working with the Digital Rights Foundation (DRF) in Pakistan in collaboration with Washington & Lee University. She is a PhD student at Arizona State University and will investigate the most critical threat vectors in local Pakistani Android apps.
The ongoing series of arbitrary arrests, attacks, and raids, and the growing pressure on Pakistani media workers whose investigative journalism covers corruption in local police and local government departments, local drug cartels, drug trafficking, faith-based acts of violence, and persecution of minorities, is a cause for serious concern. At-risk Pakistani users rely heavily on local Android apps for their work-related activities and everyday tasks. However, these apps pose a significant security risk because they have security loopholes and concealed backdoors. This is because government-mandated tracking and monitoring of the online activity of at-risk users dominates the software development ecosystem in Pakistan, turning these apps into easily exploitable attack vectors.
With the help of DRF, Sana identified a short list of high-impact local apps to investigate. These apps, widely used by the at-risk Pakistani population, will be examined for critical threats (i.e., personal data leakage, missing or poorly implemented encryption, code injection vulnerabilities, and insecure updates). These threats are serious because they enable an attacker to know the exact whereabouts of an at-risk user and then stop them from performing their work-related duties via intimidation or assault.
During her fellowship, Sana will investigate the security and privacy issues related to these apps, produce a systematic methodology that a user can follow to reproduce the results, and summarize the findings in a bilingual online framework (dubbed Hamoon).