German OWASP Day: Uncovering App Data Theft from Confused Users

German OWASP Day: This is how apps steal the data of their confused users

A recent study on iOS and Android apps has revealed that the majority of data collection dialogs contain at least one dark pattern. These manipulative user interface designs often lead users to consent to data collection and sharing. The most visible button tends to represent consent, and some apps only appear to offer users a choice: opting out of data collection results in termination of the app. The study is available online and will be presented at this year’s German OWASP Day.

During the event, speakers will discuss design decisions surrounding data protection dialogs and highlight common dark patterns. Attendees will also learn about the risks present in the software supply chain, with a presentation on the findings and lessons taken from the Log4j vulnerability. Speaker Stefan Kaps will present practical instructions for developers, outlining specifications, standards, and tools that can be used to create an instruction leaflet for software.

The German OWASP Day is an independent and non-profit conference aimed at IT professionals, developers, and security experts. The event is organized by the German Chapter of OWASP, which aims to improve application security through the publication of de facto standards like the OWASP Top 10 and the Web Security Testing Guide. The conference does not feature paid lectures by sponsors. The upcoming event will take place on May 31, 2023, at the Frankfurt School of Finance and Management in Frankfurt am Main.

Leave a Reply