Full metadata
Title
Analysis of Russian Apps for TSPU-Related Risks
Description
The landscape of internet freedom and surveillance is constantly evolving, with various countries employing technical measures to control online information and monitor citizens. Russia's internet ecosystem presents a unique case study, with the recent establishment of a domestic Trusted Root Certificate Authority (CA) and the ongoing utilization of the "Technical Measures to Combat Threats" (TSPU) devices with government-mandated deployment by internet service providers. This thesis investigates the potential risks associated with these developments, focusing on the vulnerability of Russian Android applications to targeted JavaScript attacks compromising the privacy and security of their users.This analysis of Russian Android applications reveals the existence of the Russian CA certificate embedded into the application packages, enabling the Russian government to intercept and manipulate encrypted TLS traffic. Simulating TSPU behavior with mitmproxy demonstrates the susceptibility of all tested applications to JavaScript injection attacks, allowing targeted government surveillance. This thesis proposes several mitigation strategies and highlights the need for a systemic solution to address the security risks associated with government-controlled CAs in applications, considering Google Play Market restrictions on such certificate inclusion. This thesis contributes to the evolving discussion on internet freedom and cybersecurity in Russia by exposing the unique vulnerabilities faced by users within the Russian digital ecosystem.
Date Created
2024
Contributors
- Konyukhov, Vitaliy (Author)
- Crandall, Jedidiah (Thesis advisor)
- Wang, Fish (Committee member)
- Bazzi, Rida (Committee member)
- Arizona State University (Publisher)
Topical Subject
Resource Type
Extent
58 pages
Language
eng
Copyright Statement
In Copyright
Primary Member of
Peer-reviewed
No
Open Access
No
Handle
https://hdl.handle.net/2286/R.2.N.193350
Level of coding
minimal
Cataloging Standards
Note
Partial requirement for: M.S., Arizona State University, 2024
Field of study: Computer Science
System Created
- 2024-05-02 01:10:51
System Modified
- 2024-05-02 01:10:58
- 6 months 4 weeks ago
Additional Formats