NSEC2023 - Privacy through the lens of code скачать в хорошем качестве

NSEC2023 - Privacy through the lens of code

The bonus of data security and privacy till now has always been dumped on consumers - they have to navigate myriads of privacy policies and "Yes, I consent" clicks. Apps keep on leaking data, but hardly are the apps themselves questioned! Some laws (GDPR/CCPA) do outline what data can be collected and how it is supposed to be processed in the software - but this seldom creates actionable engineering directives that developers need to follow to build privacy respecting apps. We always see the privacy protection function from the lens of data collected and stored in DBs. What if we actually dug deeper and started looking not just at what data is collected, but at the exact lines of code responsible for collection and generation of data itself? Imagine a world where privacy is baked in the app itself and is not an afterthought. This talk explores how we can leverage static analysis techniques to find and fix privacy bug, early on in the game - before they ever manifest.