Fingerprinting Mobile Devices Using Personalized Configurations

Open access

Abstract

Recently, Apple removed access to various device hardware identifiers that were frequently misused by iOS third-party apps to track users. We are, therefore, now studying the extent to which users of smartphones can still be uniquely identified simply through their personalized device configurations. Using Apple’s iOS as an example, we show how a device fingerprint can be computed using 29 different configuration features. These features can be queried from arbitrary thirdparty apps via the official SDK. Experimental evaluations based on almost 13,000 fingerprints from approximately 8,000 different real-world devices show that (1) all fingerprints are unique and distinguishable; and (2) utilizing a supervised learning approach allows returning users or their devices to be recognized with a total accuracy of 97% over time

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Apple “Worldwide Developer’s Conference (WWDC) Keynote 2014.” http://devstreaming.apple.com/videos/wwdc/2014/101xx36lr6smzjo/101/101_hd.mov.

  • [2] AppBrain Stats “Distribution of free vs. paid Android apps.” http://www.appbrain.com/stats/free-and-paid-androidapplications.

  • [3] M. Egele C. Kruegel E. Kirda and G. Vigna “Pios: Detecting privacy leaks in ios applications.” in NDSS 2011.

  • [4] A. Kurtz A. Weinlein C. Settgast and F. Freiling “DiOS: Dynamic Privacy Analysis of iOS Applications” Tech. Rep. CS-2014-03 June 2014.

  • [5] M. C. Grace W. Zhou X. Jiang and A.-R. Sadeghi “Unsafe exposure analysis of mobile in-app advertisements” in Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks pp. 101-112 ACM 2012.

  • [6] Google “Android Developer Reference TelephonyManager getDeviceId().” http://developer.android.com/reference/android/telephony/TelephonyManager.html#getDeviceId().

  • [7] Y. Agarwal and M. Hall “Protectmyprivacy: detecting and mitigating privacy leaks on ios devices using crowdsourcing” in Proceeding of the 11th annual international conference on Mobile systems applications and services pp. 97-110 ACM 2013.

  • [8] Apple “Worldwide Developer’s Conference (WWDC) Keynote 2014.” http://devstreaming.apple.com/videos/wwdc/2014/101xx36lr6smzjo/101/101_hd.mov.

  • [9] P. Eckersley “How unique is your web browser?” in Privacy Enhancing Technologies pp. 1-18 Springer 2010.

  • [10] N. Nikiforakis A. Kapravelos W. Joosen C. Kruegel F. Piessens and G. Vigna “Cookieless monster: Exploring the ecosystem of web-based device fingerprinting” in Security and Privacy (SP) 2013 IEEE Symposium on pp. 541-555 IEEE 2013.

  • [11] G. Acar C. Eubank S. Englehardt M. Juarez A. Narayanan and C. Diaz “The web never forgets: Persistent tracking mechanisms in the wild” in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014) 2014.

  • [12] K. Boda Á. M. Földes G. G. Gulyás and S. Imre “User tracking on the web via cross-browser fingerprinting” in Information Security Technology for Applications pp. 31-46 Springer 2012.

  • [13] K. Mowery and H. Shacham “Pixel perfect: Fingerprinting canvas in html5” Proceedings of W2SP 2012.

  • [14] J. Lukas J. Fridrich and M. Goljan “Digital camera identification from sensor pattern noise” Information Forensics and Security IEEE Transactions on vol. 1 no. 2 pp. 205-214 2006.

  • [15] M. Chen J. Fridrich M. Goljan and J. Lukás “Determining image origin and integrity using sensor noise” Information Forensics and Security IEEE Transactions on vol. 3 no. 1 pp. 74-90 2008.

  • [16] O. Çeliktutan B. Sankur and I. Avcibas “Blind identification of source cell-phone model” Information Forensics and Security IEEE Transactions on vol. 3 no. 3 pp. 553-566 2008.

  • [17] J. R. Corripio A. Sandoval Orozco L. Garcia Villalba J. C. Hernandez-Castro and S. J. Gibson “Source smartphone identification using sensor pattern noise and wavelet transform” 2013.

  • [18] H. Bojinov Y. Michalevsky G. Nakibly and D. Boneh “Mobile device identification via sensor fingerprinting” arXiv preprint arXiv:1408.1416 2014.

  • [19] A. Das N. Borisov and M. Caesar “Do you hear what i hear? fingerprinting smart devices through embedded acoustic components” 2014.

  • [20] Z. Zhou W. Diao X. Liu and K. Zhang “Acoustic fingerprinting revisited: Generate stable device id stealthy with inaudible sound” arXiv preprint arXiv:1407.0803 2014.

  • [21] S. Dey N. Roy W. Xu R. R. Choudhury and S. Nelakuditi “Accelprint: Imperfections of accelerometers make smartphones trackable” in Proceedings of the Network and Distributed System Security Symposium (NDSS) 2014.

  • [22] S. Seneviratne A. Seneviratne P. Mohapatra and A. Mahanti “Predicting user traits from a snapshot of apps installed on a smartphone” ACM SIGMOBILE Mobile Computing and Communications Review vol. 18 no. 2 pp. 1-8 2014.

  • [23] A. J. Oliner A. P. Iyer I. Stoica E. Lagerspetz and S. Tarkoma “Carat: Collaborative Energy Diagnosis for Mobile Devices” Proceedings of the 11th ACM Conference on Embedded Networked Sensor Systems pp. 10:1--10:14 2013.

  • [24] Apple “Submitting Apps that Use the Advertising Identifier.” https://developer.apple.com/news/?id=08282014a.

  • [25] Y. Lechelle “OpenUDID.” https://github.com/ylechelle/OpenUDID.

  • [26] Apple “iOS 7.0 Release Notes.” https://developer.apple.com/library/ios/releasenotes/General/RN-iOSSDK-7.0/.

  • [27] Y. Lechelle “OpenIDFA.” https://github.com/ylechelle/OpenIDFA.

  • [28] Apple “iOS Developer Library.” https://developer.apple.com/library/ios/navigation/.

Search
Journal information
Cited By
Metrics
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 664 450 21
PDF Downloads 355 247 13