Security Analysis of Tartu Smart Bike Share Android Application
Date
2020
Publisher
Tartu Ülikool
Abstract
In June 2019, Tartu City Transport launched a smart bike share system, which
allows the residents of Tartu to rent bikes for small commutes around the city. A month
after the system first launched, a privacy exposure was discovered and personal data of
the users was leaked. It was not publicly disclosed where the fault had resided, but it
was confirmed to have been fixed shortly after the developers were notified. The aim
of this research was to analyze the security of the Tartu Smart Bike Share Android app
and its communication with the web service. During the course of the research, several
security and privacy issues were found, one of which allows any registered user to query
information about the location of a bike and its current user. The thesis provides a general
description of the system and its underlying architecture, outlines how and which aspects
of the app functionality were analyzed and what results were found. Suggestions for
improving the security and privacy aspects of the system are also provided.
Keywords
Android application security, web resource security, static code analysis, reverse engineering, HTTP requests, secure authentication, privacy