Fingerprinting Mobile Devices Using Personalized Configurations

Open access


Recently, Apple removed access to various device hardware identifiers that were frequently misused by iOS third-party apps to track users. We are, therefore, now studying the extent to which users of smartphones can still be uniquely identified simply through their personalized device configurations. Using Apple’s iOS as an example, we show how a device fingerprint can be computed using 29 different configuration features. These features can be queried from arbitrary thirdparty apps via the official SDK. Experimental evaluations based on almost 13,000 fingerprints from approximately 8,000 different real-world devices show that (1) all fingerprints are unique and distinguishable; and (2) utilizing a supervised learning approach allows returning users or their devices to be recognized with a total accuracy of 97% over time

[1] Apple, “Worldwide Developer’s Conference (WWDC) Keynote 2014.”

[2] AppBrain Stats, “Distribution of free vs. paid Android apps.”

[3] M. Egele, C. Kruegel, E. Kirda, and G. Vigna, “Pios: Detecting privacy leaks in ios applications.,” in NDSS, 2011.

[4] A. Kurtz, A. Weinlein, C. Settgast, and F. Freiling, “DiOS: Dynamic Privacy Analysis of iOS Applications,” Tech. Rep. CS-2014-03, June 2014.

[5] M. C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi, “Unsafe exposure analysis of mobile in-app advertisements,” in Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks, pp. 101-112, ACM, 2012.

[6] Google, “Android Developer Reference, TelephonyManager, getDeviceId().”

[7] Y. Agarwal and M. Hall, “Protectmyprivacy: detecting and mitigating privacy leaks on ios devices using crowdsourcing,” in Proceeding of the 11th annual international conference on Mobile systems, applications, and services, pp. 97-110, ACM, 2013.

[8] Apple, “Worldwide Developer’s Conference (WWDC) Keynote 2014.”

[9] P. Eckersley, “How unique is your web browser?,” in Privacy Enhancing Technologies, pp. 1-18, Springer, 2010.

[10] N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna, “Cookieless monster: Exploring the ecosystem of web-based device fingerprinting,” in Security and Privacy (SP), 2013 IEEE Symposium on, pp. 541-555, IEEE, 2013.

[11] G. Acar, C. Eubank, S. Englehardt, M. Juarez, A. Narayanan, and C. Diaz, “The web never forgets: Persistent tracking mechanisms in the wild,” in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014), 2014.

[12] K. Boda, Á. M. Földes, G. G. Gulyás, and S. Imre, “User tracking on the web via cross-browser fingerprinting,” in Information Security Technology for Applications, pp. 31-46, Springer, 2012.

[13] K. Mowery and H. Shacham, “Pixel perfect: Fingerprinting canvas in html5,” Proceedings of W2SP, 2012.

[14] J. Lukas, J. Fridrich, and M. Goljan, “Digital camera identification from sensor pattern noise,” Information Forensics and Security, IEEE Transactions on, vol. 1, no. 2, pp. 205-214, 2006.

[15] M. Chen, J. Fridrich, M. Goljan, and J. Lukás, “Determining image origin and integrity using sensor noise,” Information Forensics and Security, IEEE Transactions on, vol. 3, no. 1, pp. 74-90, 2008.

[16] O. Çeliktutan, B. Sankur, and I. Avcibas, “Blind identification of source cell-phone model,” Information Forensics and Security, IEEE Transactions on, vol. 3, no. 3, pp. 553-566, 2008.

[17] J. R. Corripio, A. Sandoval Orozco, L. Garcia Villalba, J. C. Hernandez-Castro, and S. J. Gibson, “Source smartphone identification using sensor pattern noise and wavelet transform,” 2013.

[18] H. Bojinov, Y. Michalevsky, G. Nakibly, and D. Boneh, “Mobile device identification via sensor fingerprinting,” arXiv preprint arXiv:1408.1416, 2014.

[19] A. Das, N. Borisov, and M. Caesar, “Do you hear what i hear? fingerprinting smart devices through embedded acoustic components,” 2014.

[20] Z. Zhou, W. Diao, X. Liu, and K. Zhang, “Acoustic fingerprinting revisited: Generate stable device id stealthy with inaudible sound,” arXiv preprint arXiv:1407.0803, 2014.

[21] S. Dey, N. Roy, W. Xu, R. R. Choudhury, and S. Nelakuditi, “Accelprint: Imperfections of accelerometers make smartphones trackable,” in Proceedings of the Network and Distributed System Security Symposium (NDSS), 2014.

[22] S. Seneviratne, A. Seneviratne, P. Mohapatra, and A. Mahanti, “Predicting user traits from a snapshot of apps installed on a smartphone,” ACM SIGMOBILE Mobile Computing and Communications Review, vol. 18, no. 2, pp. 1-8, 2014.

[23] A. J. Oliner, A. P. Iyer, I. Stoica, E. Lagerspetz, and S. Tarkoma, “Carat: Collaborative Energy Diagnosis for Mobile Devices,” Proceedings of the 11th ACM Conference on Embedded Networked Sensor Systems, pp. 10:1--10:14, 2013.

[24] Apple, “Submitting Apps that Use the Advertising Identifier.”

[25] Y. Lechelle, “OpenUDID.”

[26] Apple, “iOS 7.0 Release Notes.”

[27] Y. Lechelle, “OpenIDFA.”

[28] Apple, “iOS Developer Library.”

Journal Information

Cited By


All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 315 315 53
PDF Downloads 165 165 34