AndroPRINT: Analysing the Fingerprintability of the Android API

Titel in Übersetzung: AndroPRINT: Analyse der Fingerprintbarkeit der Android API

Gerald Palfinger*, Bernd Prünster

*Korrespondierende/r Autor/-in für diese Arbeit

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

In recent Android versions, access to various (unique) identifiers has been restricted or completely removed for third-party applications. However, many information sources can still be combined to create a fingerprint, effectively substituting the need for these unique identifiers. Until now, finding these fingerprintable sources required manually sifting through the API documentation to identify each information source individually. This paper presents AndroPRINT, a framework that automatically recognizes fingerprintable information sources on Android devices. For this purpose it automatically invokes methods, queries fields, and retrieves data from content providers. We show that this framework allows automating the elaborate task of finding such fingerprintable information sources in different experiments. In these experiments, a variety of information sources could be identified, which provide a vast amount of unique features for fingerprinting. Furthermore, AndroPRINT detected undocumented unique device identification features, which are a result of manufacturer adaptations. These vendor customisations even revealed personal data, such as the user’s email address and cryptographic keys used for cross-device communication. The fact that this information can be retrieved without the user noticing means that vendor customisations can effectively defeat the tight permission system of modern smartphone operating systems.
Titel in ÜbersetzungAndroPRINT: Analyse der Fingerprintbarkeit der Android API
Originalspracheenglisch
TitelProceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020
ErscheinungsortIreland
Seitenumfang10
ISBN (elektronisch)9781450388337
DOIs
PublikationsstatusVeröffentlicht - 25 Aug. 2020
Veranstaltung15th International Conference on Availability, Reliability and Security: ARES 2020 - Virtuell, Irland
Dauer: 25 Aug. 202028 Aug. 2020

Publikationsreihe

NameACM International Conference Proceeding Series

Konferenz

Konferenz15th International Conference on Availability, Reliability and Security
KurztitelARES 2020
Land/GebietIrland
OrtVirtuell
Zeitraum25/08/2028/08/20

ASJC Scopus subject areas

  • Software
  • Human-computer interaction
  • Maschinelles Sehen und Mustererkennung
  • Computernetzwerke und -kommunikation

Fingerprint

Untersuchen Sie die Forschungsthemen von „AndroPRINT: Analyse der Fingerprintbarkeit der Android API“. Zusammen bilden sie einen einzigartigen Fingerprint.
  • A-SIT - Zentrum für sichere Informationstechnologie Austria

    Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.

    21/05/996/08/20

    Projekt: Arbeitsgebiet

Dieses zitieren