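The spread and growth of tablets and smartphones has driven the rapid rise of mobile applications (apps) in recent years. A wide variety of apps make users' work simpler and more convenient, let them catch up on all the latest information quickly, and provide more entertainment. Developers keep innovating and improving mobile apps, which have become an indispensable part of our lives, but privacy leakage has arisen along with them and is a widely discussed topic. Although most people are now more privacy-conscious, most users still tend to agree to any permission request that appears on their phone, because they just want to start using the software as soon as possible. This thesis first uses Wireshark to detect and classify privacy leakage in mobile apps, then uses Mitmproxy to analyze the content of the HTTP(S) network packets the apps send, monitoring whether these apps send packets of sensitive data to servers without the user's authorization, and further observing whether the packets they send contain data that should not have been obtained.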
Mobile applications have developed rapidly in recent years. A wide variety of applications help us organize our work and let us see all the latest information at a glance, so life becomes easier and more fun. Developers work constantly to improve their mobile applications, and these applications now occupy a large part of our lives. However, the issue of data privacy has also emerged and has become a hot topic of discussion. Even though everyone has become conscious of privacy, many users often click on any message that appears on their phone because they only want to start using their phone software as soon as possible. In this paper, we use Wireshark to detect and classify the privacy risks of mobile applications. Then, we use Mitmproxy (man-in-the-middle) to analyze the HTTP(S) packets sent by the mobile applications, monitoring whether these apps send sensitive data to the server without the user's authorization, and observing whether the packets they send contain information that should not be obtained.
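The HTTP(S) inspection step described above can be sketched as a small mitmproxy addon. This is an added example, not code from the paper; the device identifiers, the sample request and the names `variants`, `find_leaks` and `SAMPLE` are constructed assumptions, and the check covers plain, percent-encoded, hashed and base64 forms of each value.

```python
import base64
import hashlib
from urllib.parse import unquote_plus

# Constructed identifiers for a test handset (assumptions, not from the paper).
DEVICE_VALUES = {
    "imei": "356938035643809",
    "android_id": "9774d56d682e549c",
    "email": "tester@example.com",
}

def variants(value):
    """Forms in which an app may transmit a value: plain, hashed, base64."""
    raw = value.encode()
    return {
        "plain": value.lower(),
        "md5": hashlib.md5(raw).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
        "sha256": hashlib.sha256(raw).hexdigest(),
        "base64": base64.b64encode(raw).decode(),
    }

def find_leaks(url, headers, body, device_values=DEVICE_VALUES):
    """Return sorted (field, encoding) pairs present in one decrypted request."""
    text = "\n".join([url, *(f"{k}: {v}" for k, v in headers.items()), body])
    text += "\n" + unquote_plus(text)  # also match percent-encoded values
    lowered = text.lower()
    hits = set()
    for field, value in device_values.items():
        for enc, form in variants(value).items():
            # base64 is case-sensitive; the other forms are compared lowercased
            if form in (text if enc == "base64" else lowered):
                hits.add((field, enc))
    return sorted(hits)

# Constructed sample request, as mitmproxy would expose it after TLS interception.
SAMPLE = {
    "url": "https://ads.example.net/v1/track?e=tester%40example.com",
    "headers": {"X-Device": hashlib.md5(b"9774d56d682e549c").hexdigest()},
    "body": "imei=" + base64.b64encode(b"356938035643809").decode(),
}

def request(flow):
    """mitmproxy hook; load this file with `mitmdump -s <file>`."""
    req = flow.request
    body = req.get_text(strict=False) or ""
    for field, enc in find_leaks(req.pretty_url, dict(req.headers.items()), body):
        print(f"LEAK {field} ({enc}) -> {req.pretty_host}")
```

Replace `DEVICE_VALUES` with the known identifiers of the handset under test, so that every hit is a value the app took from that device.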