MOBILESoft 2023
Mon 15 - Tue 16 May 2023 Melbourne, Australia
co-located with ICSE 2023
Mon 15 May 2023 13:45 - 14:10 at Meeting Room 111 - Session 3

Numerous studies demonstrate that browser fingerprinting is detrimental to users’ security and privacy. However, little is known about the effects of browser fingerprinting on Android hybrid apps – where a stripped-down Chromium browser is integrated into an app. These apps expand the attack surface by permitting two-way communication between native apps and the web. This paper studies the impact of browser fingerprinting on these embedded browsers. To this end, we instrument the Android framework to record and extract information leveraged for fingerprinting. We study over 60,000 apps, including the most popular apps from the Google play store. We exemplify security flaws and severe information leaks in popular apps like Instagram. Our study reveals that fingerprints in hybrid apps potentially contain account-specific and device-specific information that identifies users across multiple devices uniquely. Besides, our results show that the hybrid app browser does not always adhere to standard browser-specific privacy policies.

Mon 15 May

Displayed time zone: Hobart change

13:45 - 15:15
13:45
25m
Paper
Understanding the Impact of Fingerprinting in Android Hybrid Apps
Research Track
Abhishek Tiwari University of Passau, Germany, Jyoti Prakash University of Passau, Alimerdan Rahimov University of Passau, Germany, Christian Hammer University of Passau
14:25
40m
Talk
Leaders Forum Talk - Towards Data-Driven Mobile App Visual Testing
Research Track
Chunyang Chen Monash University
15:05
10m
Talk
Q&A
Research Track