Abstract

Recently, Apple removed access to various device hardware identifiers that were frequently misused by iOS third-party apps to track users. We are, therefore, now studying the extent to which users of smartphones can still be uniquely identified simply through their personalized device configurations. Using Apple’s iOS as an example, we show how a device fingerprint can be computed using 29 different configuration features. These features can be queried from arbitrary third-party apps via the official SDK. Experimental evaluations based on almost 13,000 fingerprints from approximately 8,000 different real-world devices show that (1) all fingerprints are unique and distinguishable; and (2) utilizing a supervised learning approach allows returning users or their devices to be recognized with a total accuracy of 97% over time.

Full Paper: Fingerprinting Mobile Devices Using Personalized Configurations.
Andreas Kurtz, Hugo Gascon, Tobias Becker, Konrad Rieck and Felix Freiling.
Proceedings on Privacy Enhancing Technologies (PoPETS), 2016 (1) , 4–19, to appear 2016. (PDF)

Source Code: The source code of our “Unique” app that was placed in the App Store for fingerprint collection is available at https://github.com/ay-kay/unique.

Contact: For general questions on this research project, please contact us at i1_unique-app@i1.cs.fau.de.