Asmit Nayak
Exposing and Addressing Security Vulnerabilities in Browser Text Input Fields
The study investigates text input field security in web browsers, revealing that browsers’ permission model breaches security principles. Two vulnerabilities are found, including passwords exposed as plaintext in HTML source code. A proof-of-concept extension demonstrates the impact, bypassing review processes. The vulnerabilities are widespread, affecting major sites like Google. Around 12.5% of extensions could exploit these flaws, with 190 extensions accessing passwords directly. The study proposes remedies: a JavaScript package for developers to safeguard input fields and a browser-level alert for sensitive field access. The research underscores the demand for enhanced online user information protection.
Asmit Nayak, Rishabh Khandelwal, Kassem Fawaz
Unpacking Privacy Labels: A Measurement and Developer Perspective on Google's Data Safety Section
Google now requires developers to implement Data Safety Sections (DSS) for improved transparency in data collection and sharing. A research paper analyzes Google’s DSS through quantitative and qualitative methods, examining a large number of apps (1.1 million) from the Android Play store. The study identifies inconsistencies and instances of both over- and under-reporting practices in DSS content. A longitudinal analysis indicates that developers are still adapting their practices over time. The research also delves into the challenges developers face when working with DSS, highlighting the need for better resources and guidelines to ensure accurate and reliable privacy labels, which are crucial for their effectiveness.
Asmit Nayak, Rishabh Khandelwal, Paul Chung, Kassem Fawaz
The Overview of Privacy Labels and their Compatibility with Privacy Policies
Privacy nutrition labels provide a way to understand an app’s key data practices without reading the long and hard-to-read …
Asmit Nayak, Rishabh Khandelwal, Paul Chung, Kassem Fawaz
CookieEnforcer: Automated Cookie Notice Analysis and Enforcement
Online services utilize privacy settings to provide users with control over their data. However, these privacy settings are often hard to locate, causing the user to rely on provider-chosen default values. In this work, we train privacy settings centric encoders and leverage them to create an interface that allows users to search for privacy settings using free-form queries.
Rishabh Khandelwal, Asmit Nayak, Hamza Harkous, Kassem Fawaz