Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications

Christof Ferreira Torres, H.L. Jonker

Research output: Chapter in Book/Report/Conference proceedingChapterAcademicpeer-review

Abstract

Fingerprinting of browsers has been thoroughly investigated. In contrast, mobile phone applications offer a far wider array of attributes for profiling, yet fingerprinting practices on this platform have hardly received attention. In this paper, we present the first (to our knowledge) investigation of Android libraries by commercial fingerprinters. Interestingly enough, there is a marked difference with fingerprinting desktop browsers. We did not find evidence of typical fingerprinting techniques such as canvas fingerprinting. Secondly, we searched for behaviour resembling that of commercial fingerprinters. We performed a detailed analysis of six similar libraries. Thirdly, we investigated ∼30,000 apps and found that roughly 19% of these apps is using one of the these libraries. Finally, we checked how often these libraries were used by apps subject to the Children’s
Online Privacy Protection Act (i.e. apps targeted explicitly at children), and found that these libraries were included 21 times.
Original languageEnglish
Title of host publicationComputer Security
Subtitle of host publication23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part II
EditorsJavier Lopez, Jianying Zhou, Miguel Soriano
PublisherSpringer
Chapter4
Pages60-80
Number of pages21
Volume11099
Edition1
ISBN (Electronic)9783319989891
ISBN (Print)9783319989884
DOIs
Publication statusPublished - 2018
Event23rd European Symposium on Research in Computer Security, ESORICS 2018 - Barcelona, Spain
Duration: 3 Sep 20187 Sep 2018
https://www.springer.com/gp/book/9783319989884

Publication series

NameLecture Notes in Computer Science book series
PublisherSpringer

Conference

Conference23rd European Symposium on Research in Computer Security, ESORICS 2018
CountrySpain
CityBarcelona
Period3/09/187/09/18
Internet address

Fingerprint

Application programs
Mobile phones

Cite this

Ferreira Torres, C., & Jonker, H. L. (2018). Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications. In J. Lopez, J. Zhou, & M. Soriano (Eds.), Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part II (1 ed., Vol. 11099, pp. 60-80). (Lecture Notes in Computer Science book series). Springer. https://doi.org/10.1007/978-3-319-98989-1_4
Ferreira Torres, Christof ; Jonker, H.L. / Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications. Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part II. editor / Javier Lopez ; Jianying Zhou ; Miguel Soriano. Vol. 11099 1. ed. Springer, 2018. pp. 60-80 (Lecture Notes in Computer Science book series).
@inbook{f561640a29674b319ace410ad3e8caa0,
title = "Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications",
abstract = "Fingerprinting of browsers has been thoroughly investigated. In contrast, mobile phone applications offer a far wider array of attributes for profiling, yet fingerprinting practices on this platform have hardly received attention. In this paper, we present the first (to our knowledge) investigation of Android libraries by commercial fingerprinters. Interestingly enough, there is a marked difference with fingerprinting desktop browsers. We did not find evidence of typical fingerprinting techniques such as canvas fingerprinting. Secondly, we searched for behaviour resembling that of commercial fingerprinters. We performed a detailed analysis of six similar libraries. Thirdly, we investigated ∼30,000 apps and found that roughly 19{\%} of these apps is using one of the these libraries. Finally, we checked how often these libraries were used by apps subject to the Children’sOnline Privacy Protection Act (i.e. apps targeted explicitly at children), and found that these libraries were included 21 times.",
author = "{Ferreira Torres}, Christof and H.L. Jonker",
year = "2018",
doi = "10.1007/978-3-319-98989-1_4",
language = "English",
isbn = "9783319989884",
volume = "11099",
series = "Lecture Notes in Computer Science book series",
publisher = "Springer",
pages = "60--80",
editor = "Javier Lopez and Jianying Zhou and Miguel Soriano",
booktitle = "Computer Security",
edition = "1",

}

Ferreira Torres, C & Jonker, HL 2018, Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications. in J Lopez, J Zhou & M Soriano (eds), Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part II. 1 edn, vol. 11099, Lecture Notes in Computer Science book series, Springer, pp. 60-80, 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, 3/09/18. https://doi.org/10.1007/978-3-319-98989-1_4

Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications. / Ferreira Torres, Christof; Jonker, H.L.

Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part II. ed. / Javier Lopez; Jianying Zhou; Miguel Soriano. Vol. 11099 1. ed. Springer, 2018. p. 60-80 (Lecture Notes in Computer Science book series).

Research output: Chapter in Book/Report/Conference proceedingChapterAcademicpeer-review

TY - CHAP

T1 - Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications

AU - Ferreira Torres, Christof

AU - Jonker, H.L.

PY - 2018

Y1 - 2018

N2 - Fingerprinting of browsers has been thoroughly investigated. In contrast, mobile phone applications offer a far wider array of attributes for profiling, yet fingerprinting practices on this platform have hardly received attention. In this paper, we present the first (to our knowledge) investigation of Android libraries by commercial fingerprinters. Interestingly enough, there is a marked difference with fingerprinting desktop browsers. We did not find evidence of typical fingerprinting techniques such as canvas fingerprinting. Secondly, we searched for behaviour resembling that of commercial fingerprinters. We performed a detailed analysis of six similar libraries. Thirdly, we investigated ∼30,000 apps and found that roughly 19% of these apps is using one of the these libraries. Finally, we checked how often these libraries were used by apps subject to the Children’sOnline Privacy Protection Act (i.e. apps targeted explicitly at children), and found that these libraries were included 21 times.

AB - Fingerprinting of browsers has been thoroughly investigated. In contrast, mobile phone applications offer a far wider array of attributes for profiling, yet fingerprinting practices on this platform have hardly received attention. In this paper, we present the first (to our knowledge) investigation of Android libraries by commercial fingerprinters. Interestingly enough, there is a marked difference with fingerprinting desktop browsers. We did not find evidence of typical fingerprinting techniques such as canvas fingerprinting. Secondly, we searched for behaviour resembling that of commercial fingerprinters. We performed a detailed analysis of six similar libraries. Thirdly, we investigated ∼30,000 apps and found that roughly 19% of these apps is using one of the these libraries. Finally, we checked how often these libraries were used by apps subject to the Children’sOnline Privacy Protection Act (i.e. apps targeted explicitly at children), and found that these libraries were included 21 times.

U2 - 10.1007/978-3-319-98989-1_4

DO - 10.1007/978-3-319-98989-1_4

M3 - Chapter

SN - 9783319989884

VL - 11099

T3 - Lecture Notes in Computer Science book series

SP - 60

EP - 80

BT - Computer Security

A2 - Lopez, Javier

A2 - Zhou, Jianying

A2 - Soriano, Miguel

PB - Springer

ER -

Ferreira Torres C, Jonker HL. Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications. In Lopez J, Zhou J, Soriano M, editors, Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part II. 1 ed. Vol. 11099. Springer. 2018. p. 60-80. (Lecture Notes in Computer Science book series). https://doi.org/10.1007/978-3-319-98989-1_4