OCScraper: Automated Analysis of the Fingerprintability of the iOS API

Gerald Palfinger

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Tracking has allowed application providers to offer the vast majority of their applications for free as it allows them to target advertising. However, tracking has proven to be an invasion of user privacy. To counter this, operating system vendors have removed access to unique identifiers in their APIs. Nevertheless, applications can still combine other non-unique data from the device to create a unique fingerprint. Until now, it has not been well understood what kind of information is available to do so on iOS. This paper addresses this gap by introducing the OCScraper framework, a tool for automatically discovering fingerprintable information sources on iOS devices. OCScraper does this by systematically crawling the API of the operating system. In the process, it creates objects on which methods are called and properties are queried. In our evaluation, we show that OCScraper can successfully invoke a large number of methods and retrieve the majority of parameters. We discover hundreds of robust information sources that provide distinct bits of information which can be used to create a cross-application fingerprint.
Original languageEnglish
Title of host publicationSECRYPT 2023 - Proceedings of the 20th International Conference on Security and Cryptography
EditorsSabrina De Capitani di Vimercati, Pierangela Samarati
PublisherSciTePress - Science and Technology Publications
Pages433-441
Number of pages9
Volume1
ISBN (Electronic)978-989-758-666-8
ISBN (Print)9789897586668
DOIs
Publication statusPublished - Jul 2023
Event20th International Conference on Security and Cryptography: SECRYPT 2023 - Rome, Italy
Duration: 10 Jul 202312 Jul 2023

Publication series

NameProceedings of the International Conference on Security and Cryptography
Volume1
ISSN (Print)2184-7711

Conference

Conference20th International Conference on Security and Cryptography: SECRYPT 2023
Abbreviated titleSECRYPT
Country/TerritoryItaly
CityRome
Period10/07/2312/07/23

Keywords

  • Fingerprinting
  • Smartphones
  • Apple iOS
  • Automatic Detection

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'OCScraper: Automated Analysis of the Fingerprintability of the iOS API'. Together they form a unique fingerprint.
  • A-SIT - Secure Information Technology Center Austria

    Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.

    21/05/9931/12/24

    Project: Research area

Cite this