Protecting At-Risk Populations from Surveillance, Censorship, and Targeted Attacks is a reverse-engineering effort implemented by Arizona State University Foundation.
Much of cybersecurity vulnerability discovery is aimed at protecting end users at the edges of the network from each other, but for some populations there are also threats from the network infrastructure itself. Past work to reverse engineer apps used by at-risk populations has revealed a whole range of threats, including poor or missing encryption that exposes private user data to the network infrastructure, censorship and surveillance baked into apps based on lists of keywords, and vulnerabilities that allow an in-path attacker in the network infrastructure to inject arbitrary code onto user devices. This project aims to find these issues in apps that at-risk users are likely to have installed on their devices, and do so at a scale large enough to have an impact on user security and privacy that goes beyond simply reporting and mitigating vulnerabilities in a Whac-A-Mole fashion. To achieve this the Arizona State University Biodesign Center for Biocomputation, Security and Society has partnered with TibCERT/Tibet Action Institute to evaluate entire Android app market ecosystems guided by the needs and local considerations of the populations that TibCERT serves.