Examining Leading Pakistani Mobile Apps
Authors: Sana Habib (Arizona State University), Mohammad Taha Khan (Washington and Lee University), Jedidiah R. Crandall (Arizona State University)
Year: 2025
Issue: 1
Pages: 24–41
Abstract: In this paper, we explore the security and privacy concerns associated with a small group of widely used Pakistani mobile apps that tens of millions of Pakistanis depend on for essential services. Using both static and dynamic analysis techniques, we evaluated each app in three critical areas: (i) the volume of personal data collected, its management, and the risk of exposure; (ii) vulnerabilities in password and login security; and (iii) network security, with a focus on threats from compromised server keys. These issues are significant for at-risk users, such as journalists, activists, media professionals, and victims of domestic abuse, who face increased threats of surveillance and targeted attacks in the region. In Pakistan, censorship frequently involves acquiring user credentials to facilitate monitoring and intimidation of at-risk users, often accompanied by threats of violence. Importantly, it is not only government actors who possess the resources and power to enforce such censorship; private entities, including criminal organizations and domestic abusers, can also engage in similar tactics. Consequently, the security and privacy concerns that we address are crucial not only for the protection of journalists and activists but also for the protection of victims of domestic abuse throughout the region.
Copyright in FOCI articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
