Understanding the Impact of Fingerprinting in Android Hybrid Apps
Numerous studies demonstrate that browser fingerprinting is detrimental to users’ security and privacy. However, little is known about the effects of browser fingerprinting on Android hybrid apps – where a stripped-down Chromium browser is integrated into an app. These apps expand the attack surface by permitting two-way communication between native apps and the web. This paper studies the impact of browser fingerprinting on these embedded browsers. To this end, we instrument the Android framework to record and extract information leveraged for fingerprinting. We study over 60,000 apps, including the most popular apps from the Google play store. We exemplify security flaws and severe information leaks in popular apps like Instagram. Our study reveals that fingerprints in hybrid apps potentially contain account-specific and device-specific information that identifies users across multiple devices uniquely. Besides, our results show that the hybrid app browser does not always adhere to standard browser-specific privacy policies.
Mon 15 MayDisplayed time zone: Hobart change
13:45 - 15:15 | |||
13:45 25mPaper | Understanding the Impact of Fingerprinting in Android Hybrid Apps Research Track Abhishek Tiwari University of Passau, Germany, Jyoti Prakash University of Passau, Alimerdan Rahimov University of Passau, Germany, Christian Hammer University of Passau | ||
14:25 40mTalk | Leaders Forum Talk - Towards Data-Driven Mobile App Visual Testing Research Track Chunyang Chen Monash University | ||
15:05 10mTalk | Q&A Research Track |