Mobile Device Apps: Introduction

Introduction: The Idea

Messaging applications have become quite popular in the past few years. Applications like Snapchat, Cyber Dust, Wickr, and WhatsApp have quickly taken the largest share of the mobile messaging market. Snapchat, Cyber Dust, and Wickr work by allowing users to send messages to one another, after which the messages delete themselves. All of these applications claim to be completely safe and promise users that there is no way to recover messages once they have been sent and opened. In addition to the three applications mentioned, we will also be researching WhatsApp to see how it works and where it stores its data. The purpose of this project is to see just how safe these applications are, and if any messages sent through these applications are recoverable.

Background Research:

There has been prior research into these applications, but we are hoping to continue researching them in depth so that we can fully understand how they work. In addition, we will also be delving into the applications on both the Android and iOS platforms to see how they relate and/or differ from each other.

Research Questions:

• Are messages sent through these applications completely deleted?
• Do these applications store messages on the cellular device being used?
• Do the applications that claim to be encrypted actually encrypt their data?
• Is there a difference in how these applications store data between iOS and Android devices?
• Is there a difference in how these applications store data between the recipient and the sender?

Methods:

To conduct this research, we will be using both an Android device and an iOS device. Both devices will be factory reset and imaged using Cellebrite. After being reset, the first application will be installed on the devices and the data generation process will begin. During the data generation process, various text-based messages will be sent back and forth, in addition to picture messages. After enough data has been generated, the Android and iOS devices will be imaged again using Cellebrite. After the second image is complete, both the factory reset image and the data generation image will be examined for differences with UFED Physical Analyzer.