AndroPROTECT: Hardening the Android API against Fingerprinting

Gerald Palfinger

Research output: Contribution to conferencePaperpeer-review

Abstract

To protect user privacy, Android has been hardened to prevent apps from tracking users across apps. In particular, starting with Android 10, third-party apps have been restricted from accessing various non-resettable device identifiers. However, non-unique information accessible to apps can still be combined to create a fingerprint. Therefore, fingerprinting allows apps to circumvent these privacy protections. To address this problem, we introduce the AndroPROTECT patch creation pipeline. Essentially, AndroPROTECT automatically creates patches for the Android API to harden it against fingerprinting attempts. AndroPROTECT starts with a set of information sources that have been automatically detected to provide information which can be used for fingerprinting. From this set, it automatically generates patches that modify the values which can be obtained by third-party apps. AndroPROTECT creates patches for various types of information sources present in the API, in particular, for methods, fields, and content providers. The resulting patch package can be applied to individual apps without requiring modifications of the operating system. In our experiments, a total of 989 information sources were patched automatically, representing more than 95% of the detected information sources. By testing the patch package against a set of popular Android apps, we show that the created patches can be applied with minimal impact on compatibility compared to repackaging an application.
Translated title of the contributionAndroPROTECT: Absicherung der Android-API gegen Fingerprinting
Original languageEnglish
Number of pages20
Publication statusAccepted/In press - 4 Sept 2024
Event18th International Conference on Network and System Security: NSS 2024 - Abu Dhabi, United Arab Emirates
Duration: 20 Nov 202422 Nov 2024

Conference

Conference18th International Conference on Network and System Security
Country/TerritoryUnited Arab Emirates
CityAbu Dhabi
Period20/11/2422/11/24

Keywords

  • Fingerprinting protections
  • Android
  • Privacy

Fingerprint

Dive into the research topics of 'AndroPROTECT: Hardening the Android API against Fingerprinting'. Together they form a unique fingerprint.
  • A-SIT - Secure Information Technology Center Austria

    Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.

    21/05/9931/12/24

    Project: Research area

Cite this