Projects per year
Abstract
To protect user privacy, Android has been hardened to prevent apps from tracking users across apps. In particular, starting with Android 10, third-party apps have been restricted from accessing various non-resettable device identifiers. However, non-unique information accessible to apps can still be combined to create a fingerprint. Therefore, fingerprinting allows apps to circumvent these privacy protections. To address this problem, we introduce the AndroPROTECT patch creation pipeline. Essentially, AndroPROTECT automatically creates patches for the Android API to harden it against fingerprinting attempts. AndroPROTECT starts with a set of information sources that have been automatically detected to provide information which can be used for fingerprinting. From this set, it automatically generates patches that modify the values which can be obtained by third-party apps. AndroPROTECT creates patches for various types of information sources present in the API, in particular, for methods, fields, and content providers. The resulting patch package can be applied to individual apps without requiring modifications of the operating system. In our experiments, a total of 989 information sources were patched automatically, representing more than 95% of the detected information sources. By testing the patch package against a set of popular Android apps, we show that the created patches can be applied with minimal impact on compatibility compared to repackaging an application.
Translated title of the contribution | AndroPROTECT: Absicherung der Android-API gegen Fingerprinting |
---|---|
Original language | English |
Number of pages | 20 |
Publication status | Accepted/In press - 4 Sept 2024 |
Event | 18th International Conference on Network and System Security: NSS 2024 - Abu Dhabi, United Arab Emirates Duration: 20 Nov 2024 → 22 Nov 2024 |
Conference
Conference | 18th International Conference on Network and System Security |
---|---|
Country/Territory | United Arab Emirates |
City | Abu Dhabi |
Period | 20/11/24 → 22/11/24 |
Keywords
- Fingerprinting protections
- Android
- Privacy
Fingerprint
Dive into the research topics of 'AndroPROTECT: Hardening the Android API against Fingerprinting'. Together they form a unique fingerprint.Projects
- 1 Active
-
A-SIT - Secure Information Technology Center Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 31/12/24
Project: Research area