Fingerprinting SDKs for Mobile Apps and Where to Find Them: Understanding the Market for Device Fingerprinting

• URL: http://arxiv.org/abs/2506.22639v1
• Date: Fri, 27 Jun 2025 21:05:48 GMT
• Title: Fingerprinting SDKs for Mobile Apps and Where to Find Them: Understanding the Market for Device Fingerprinting
• Authors: Michael A. Specter, Mihai Christodorescu, Abbie Farr, Bo Ma, Robin Lassonde, Xiaoyang Xu, Xiang Pan, Fengguo Wei, Saswat Anand, Dave Kleidermacher,
• Abstract summary: This paper presents a large-scale analysis of fingerprinting-like behavior in the mobile application ecosystem.<n>We take a market-based approach, focusing on third-party tracking as enabled by applications' common use of third-party SDKs.<n>To the best of our knowledge, this represents the largest-scale analysis of SDK behavior undertaken to date.
• Score: 12.531894763016172
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: This paper presents a large-scale analysis of fingerprinting-like behavior in the mobile application ecosystem. We take a market-based approach, focusing on third-party tracking as enabled by applications' common use of third-party SDKs. Our dataset consists of over 228,000 SDKs from popular Maven repositories, 178,000 Android applications collected from the Google Play store, and our static analysis pipeline detects exfiltration of over 500 individual signals. To the best of our knowledge, this represents the largest-scale analysis of SDK behavior undertaken to date. We find that Ads SDKs (the ostensible focus of industry efforts such as Apple's App Tracking Transparency and Google's Privacy Sandbox) appear to be the source of only 30.56% of the fingerprinting behaviors. A surprising 23.92% originate from SDKs whose purpose was unknown or unclear. Furthermore, Security and Authentication SDKs are linked to only 11.7% of likely fingerprinting instances. These results suggest that addressing fingerprinting solely in specific market-segment contexts like advertising may offer incomplete benefit. Enforcing anti-fingerprinting policies is also complex, as we observe a sparse distribution of signals and APIs used by likely fingerprinting SDKs. For instance, only 2% of exfiltrated APIs are used by more than 75% of SDKs, making it difficult to rely on user permissions to control fingerprinting behavior.

Related papers

• Your Signal, Their Data: An Empirical Privacy Analysis of Wireless-scanning SDKs in Android [3.830984415546144]
  Mobile apps frequently use Bluetooth Low Energy (BLE) and WiFi scanning permissions to discover nearby devices.<n>Wireless interfaces also serve as a covert proxy for geolocation data, enabling continuous user tracking and profiling.<n>We conduct the first systematic analysis of 52 wireless-scanning SDKs, revealing their data collection practices and privacy risks.
  arXiv  Detail & Related papers  (2025-03-19T14:15:02Z)
• Scalable Fingerprinting of Large Language Models [46.26999419117367]
  We introduce a new method, dubbed Perinucleus sampling, to generate scalable, persistent, and harmless fingerprints.<n>We demonstrate that this scheme can add 24,576 fingerprints to a Llama-3.1-8B model without degrading the model's utility.
  arXiv  Detail & Related papers  (2025-02-11T18:43:07Z)
• Assessing Privacy Compliance of Android Third-Party SDKs [16.975384208528972]
  Third-party Software Development Kits (SDKs) are widely adopted in Android app development.<n>This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information.<n>Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
  arXiv  Detail & Related papers  (2024-09-16T15:44:43Z)
• A Universal Latent Fingerprint Enhancer Using Transformers [47.87570819350573]
  This study aims to develop a fast method, which we call ULPrint, to enhance various latent fingerprint types. In closed-set identification accuracy experiments, the enhanced image was able to improve the performance of the MSU-AFIS from 61.56% to 75.19%.
  arXiv  Detail & Related papers  (2023-05-31T23:01:11Z)
• Latent Fingerprint Recognition: Fusion of Local and Global Embeddings [30.40684369054112]
  We combine global embeddings with local embeddings for state-of-the-art latent to rolled matching accuracy with high throughput. We show the generalizability of the fused representations for improving authentication accuracy across several rolled, plain, and contactless fingerprint datasets.
  arXiv  Detail & Related papers  (2023-04-26T19:42:57Z)
• Minutiae-Guided Fingerprint Embeddings via Vision Transformers [34.516748746229325]
  We learn a discriminative fixed-length fingerprint embedding using a Vision Transformer (ViT) We show that by fusing embeddings learned by CNNs and ViTs we can reach near parity with a commercial state-of-the-art (SOTA) matcher. Our fixed-length embeddings can be matched orders of magnitude faster than the commercial system.
  arXiv  Detail & Related papers  (2022-10-25T13:08:32Z)
• Uncovering Fingerprinting Networks. An Analysis of In-Browser Tracking using a Behavior-based Approach [0.0]
  This thesis explores the current state of browser fingerprinting on the internet. We implement FPNET to identify fingerprinting scripts on large sets of websites by observing their behavior. We track down companies like Google, Yandex, Maxmind, Sift, or FingerprintJS.
  arXiv  Detail & Related papers  (2022-08-15T18:06:25Z)
• Mobile Behavioral Biometrics for Passive Authentication [65.94403066225384]
  This work carries out a comparative analysis of unimodal and multimodal behavioral biometric traits. Experiments are performed over HuMIdb, one of the largest and most comprehensive freely available mobile user interaction databases. In our experiments, the most discriminative background sensor is the magnetometer, whereas among touch tasks the best results are achieved with keystroke.
  arXiv  Detail & Related papers  (2022-03-14T17:05:59Z)
• PrintsGAN: Synthetic Fingerprint Generator [39.804969475699345]
  PrintsGAN is a synthetic fingerprint generator capable of generating unique fingerprints along with multiple impressions for a given fingerprint. We show the utility of the PrintsGAN generated by training a deep network to extract a fixed-length embedding from a fingerprint.
  arXiv  Detail & Related papers  (2022-01-10T22:25:10Z)
• Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
  In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
  arXiv  Detail & Related papers  (2021-12-28T16:21:31Z)
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
  arXiv  Detail & Related papers  (2020-06-10T16:05:05Z)
• Towards Palmprint Verification On Smartphones [62.279124220123286]
  Studies in the past two decades have shown that palmprints have outstanding merits in uniqueness and permanence. We built a DCNN-based palmprint verification system named DeepMPV+ for smartphones. The efficiency and efficacy of DeepMPV+ have been corroborated by extensive experiments.
  arXiv  Detail & Related papers  (2020-03-30T08:31:03Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.