Understanding the Impact of Fingerprinting in Android Hybrid Apps

2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft) Pub Date : 2023-05-01 DOI:10.1109/MOBILSoft59058.2023.00011

A. Tiwari, Jyoti Prakash, Alimerdan Rahimov, Christian Hammer

{"title":"Understanding the Impact of Fingerprinting in Android Hybrid Apps","authors":"A. Tiwari, Jyoti Prakash, Alimerdan Rahimov, Christian Hammer","doi":"10.1109/MOBILSoft59058.2023.00011","DOIUrl":null,"url":null,"abstract":"Numerous studies demonstrate that browser fingerprinting is detrimental to users’ security and privacy. However, little is known about the effects of browser fingerprinting on Android hybrid apps – where a stripped-down Chromium browser is integrated into an app. These apps expand the attack surface by permitting two-way communication between native apps and the web. This paper studies the impact of browser fingerprinting on these embedded browsers. To this end, we instrument the Android framework to record and extract information leveraged for fingerprinting. We study over 60,000 apps, including the most popular apps from the Google play store. We exemplify security flaws and severe information leaks in popular apps like Instagram. Our study reveals that fingerprints in hybrid apps potentially contain account-specific and device-specific information that identifies users across multiple devices uniquely. Besides, our results show that the hybrid app browser does not always adhere to standard browser-specific privacy policies.","PeriodicalId":311618,"journal":{"name":"2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"84 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MOBILSoft59058.2023.00011","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Numerous studies demonstrate that browser fingerprinting is detrimental to users’ security and privacy. However, little is known about the effects of browser fingerprinting on Android hybrid apps – where a stripped-down Chromium browser is integrated into an app. These apps expand the attack surface by permitting two-way communication between native apps and the web. This paper studies the impact of browser fingerprinting on these embedded browsers. To this end, we instrument the Android framework to record and extract information leveraged for fingerprinting. We study over 60,000 apps, including the most popular apps from the Google play store. We exemplify security flaws and severe information leaks in popular apps like Instagram. Our study reveals that fingerprints in hybrid apps potentially contain account-specific and device-specific information that identifies users across multiple devices uniquely. Besides, our results show that the hybrid app browser does not always adhere to standard browser-specific privacy policies.

查看原文本刊更多论文

了解指纹识别在Android混合应用中的影响

大量研究表明，浏览器指纹识别对用户的安全和隐私有害。然而，关于浏览器指纹识别对Android混合应用的影响，我们所知甚少。这些应用通过允许本地应用和网络之间的双向通信，扩大了攻击面。本文研究了浏览器指纹识别对这些嵌入式浏览器的影响。为此，我们利用Android框架来记录和提取用于指纹识别的信息。我们研究了6万多款应用，包括Google play商店中最受欢迎的应用。我们举例说明了Instagram等流行应用程序的安全漏洞和严重信息泄露。我们的研究表明，混合应用程序中的指纹可能包含特定于账户和特定于设备的信息，这些信息可以唯一地识别多个设备上的用户。此外，我们的结果表明，混合应用程序浏览器并不总是坚持标准的浏览器特定的隐私政策。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft)

自引率

0.00%

发文量