Fingerprinting Mobile Devices Using Personalized Configurations
Authors: Andreas Kurtz (FriedrichAlexander-Universität Erlangen-Nürnberg (FAU)), Hugo Gascon (University of Göttingen), Tobias Becker (Friedrich-Alexander-Universität ErlangenNürnberg (FAU)), Konrad Rieck (University of Göttingen), Felix Freiling (Friedrich-Alexander-Universität ErlangenNürnberg (FAU))
Volume: 2016
Issue: 1
Pages: 4–19
DOI: https://doi.org/10.1515/popets-2015-0027
Abstract: Recently, Apple removed access to various device hardware identifiers that were frequently misused by iOS third-party apps to track users. We are, therefore, now studying the extent to which users of smartphones can still be uniquely identified simply through their personalized device configurations. Using Apple’s iOS as an example, we show how a device fingerprint can be computed using 29 different configuration features. These features can be queried from arbitrary thirdparty apps via the official SDK. Experimental evaluations based on almost 13,000 fingerprints from approximately 8,000 different real-world devices show that (1) all fingerprints are unique and distinguishable; and (2) utilizing a supervised learning approach allows returning users or their devices to be recognized with a total accuracy of 97% over time.
Keywords: Fingerprinting, Apple iOS, Mobile Device, Privacy
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.
