Related papers: On the (In)Security of Non-resettable Device Identifiers in Custom Android Systems

On the (In)Security of Non-resettable Device Identifiers in Custom Android Systems

URL: http://arxiv.org/abs/2502.15270v1
Date: Fri, 21 Feb 2025 07:52:46 GMT
Title: On the (In)Security of Non-resettable Device Identifiers in Custom Android Systems
Authors: Zikan Dong, Liu Wang, Guoai Xu, Haoyu Wang,
Abstract summary: We present IDRadar, a scalable and accurate approach for identifying vulnerable properties and settings on custom Android ROMs.<n>We have identified 8,192 system properties and 3,620 settings that store non-resettable identifiers, with 3,477 properties and 1,336 settings lacking adequate access control.<n>Our large-scale analysis can identify a large number of security issues which are two orders of magnitude greater than existing techniques.
Score: 4.319029420721902
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: User tracking is critical in the mobile ecosystem, which relies on device identifiers to build clear user profiles. In earlier ages, Android allowed easy access to non-resettable device identifiers like device serial numbers and IMEI by third-party apps for user tracking. As privacy concerns grew, Google has tightened restrictions on these identifiers in native Android. Despite this, stakeholders in custom Android systems seek consistent and stable user tracking capabilities across different system and device models, and they have introduced covert channels (e.g., system properties and settings) in customized systems to access identifiers, which undoubtedly increases the risk of user privacy breaches. This paper examines the introduction of non-resettable identifiers through system customization and their vulnerability due to poor access control. We present IDRadar, a scalable and accurate approach for identifying vulnerable properties and settings on custom Android ROMs. Applying our approach to 1,814 custom ROMs, we have identified 8,192 system properties and 3,620 settings that store non-resettable identifiers, with 3,477 properties and 1,336 settings lacking adequate access control, which can be abused by third-party apps to track users without permissions. Our large-scale analysis can identify a large number of security issues which are two orders of magnitude greater than existing techniques. We further investigate the root causes of these access control deficiencies. Validation on 32 devices through the remote testing service confirmed our results. Additionally, we observe that the vulnerable properties and settings occur in devices of the same OEMs. We have reported our findings to the vendors and received positive confirmations. Our work underscores the need for greater scrutiny of covert access channels to device identifiers and better solutions to safeguard user privacy.

Related papers

Your Signal, Their Data: An Empirical Privacy Analysis of Wireless-scanning SDKs in Android [3.830984415546144]
Mobile apps frequently use Bluetooth Low Energy (BLE) and WiFi scanning permissions to discover nearby devices. Wireless interfaces also serve as a covert proxy for geolocation data, enabling continuous user tracking and profiling. We conduct the first systematic analysis of 52 wireless-scanning SDKs, revealing their data collection practices and privacy risks.
arXiv Detail & Related papers (2025-03-19T14:15:02Z)
A Large-Scale Privacy Assessment of Android Third-Party SDKs [17.245330733308375]
Third-party Software Development Kits (SDKs) are widely adopted in Android app development. This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information. Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
arXiv Detail & Related papers (2024-09-16T15:44:43Z)
Leveraging Machine Learning for Wi-Fi-based Environmental Continuous Two-Factor Authentication [0.44998333629984877]
We present a novel 2FA approach replacing the user's input with decisions made by Machine Learning (ML) Our system exploits unique environmental features associated with the user, such as beacon frame characteristics and Received Signal Strength Indicator ( RSSI) values from Wi-Fi Access Points (APs) For enhanced security, our system mandates that the user's two devices (i.e., a login device and a mobile device) be situated within a predetermined proximity before granting access.
arXiv Detail & Related papers (2024-01-12T14:58:15Z)
SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
Locally Authenticated Privacy-preserving Voice Input [10.82818142802482]
Service providers must authenticate their users, although individuals may wish to maintain privacy. Preserving privacy while performing authentication is challenging, particularly where adversaries can use biometric data to train transformation tools. We introduce a secure, flexible privacy-preserving system to capture and store an on-device fingerprint of the users' raw signals.
arXiv Detail & Related papers (2022-05-27T14:56:01Z)
SPAct: Self-supervised Privacy Preservation for Action Recognition [73.79886509500409]
Existing approaches for mitigating privacy leakage in action recognition require privacy labels along with the action labels from the video dataset. Recent developments of self-supervised learning (SSL) have unleashed the untapped potential of the unlabeled data. We present a novel training framework which removes privacy information from input video in a self-supervised manner without requiring privacy labels.
arXiv Detail & Related papers (2022-03-29T02:56:40Z)
Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
arXiv Detail & Related papers (2021-12-28T16:21:31Z)
Biometrics: Trust, but Verify [49.9641823975828]
Biometric recognition has exploded into a plethora of different applications around the globe. There are a number of outstanding problems and concerns pertaining to the various sub-modules of biometric recognition systems.
arXiv Detail & Related papers (2021-05-14T03:07:25Z)
A Non-Intrusive Machine Learning Solution for Malware Detection and Data Theft Classification in Smartphones [0.06999740786886537]
Successful mobile malware attacks could steal a user's location, photos, or even banking information. There is a need besides just detecting malware intrusion in smartphones to also identify the data that has been stolen to assess, aid in recovery and prevent future attacks. We propose an accessible, non-intrusive machine learning solution to not only detect malware intrusion but also identify the type of data stolen for any app under supervision.
arXiv Detail & Related papers (2021-02-12T13:31:27Z)
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
Decentralized Privacy-Preserving Proximity Tracing [50.27258414960402]
DP3T provides a technological foundation to help slow the spread of SARS-CoV-2. System aims to minimise privacy and security risks for individuals and communities.
arXiv Detail & Related papers (2020-05-25T12:32:02Z)
A Privacy-Preserving Solution for Proximity Tracing Avoiding Identifier Exchanging [0.0]
We propose a solution leveraging GPS to detect proximity, and Bluetooth to improve accuracy, without enabling exchange of identifiers. Unlike related existing solutions, no complex cryptographic mechanism is adopted, while ensuring that the server does not learn anything about locations of users.
arXiv Detail & Related papers (2020-05-20T18:48:20Z)

This list is automatically generated from the titles and abstracts of the papers in this site.