Hackers of India

Your App Is Probably A Spyware…Or Is It?

By Gaurav Gogia, Pandurang Patil on 23 Sep 2023 @ Nullcon

Abstract

Software development is increasingly turning into an industrialized mechanical process. With the abundance of low-code/no-code software solutions and magical APIs, it has become more convenient than ever to create beautiful applications that deliver the right business logic. Building on top of existing standard libraries or accepted industry standards is the norm instead of re-building things from scratch. However, in all this rush toward building the next big app, we are forgetting data privacy. Slapping on long privacy policy documents only leads to false acceptance on the user's end: users agree without ever really going through the policy document. And even when these documents are made easy to understand, we've always looked at data privacy from a DLP perspective. We look at all the databases we have, lock them down, and build RBACs around them. However, we forget to look at the root cause of the problem: the very code that powers our applications. Now, imagine applications that have privacy built in. Imagine detecting and mitigating all the privacy violations pre-deployment. In this research, we are going to discuss DevPrivOps with open-source software that does just that.