While mobile devices such as smartphones have gained tremendous popularity throughout the past few years, privacy concerns are rising likewise. Both developers of applications and mobile websites have the incentive to uniquely identify devices in order to deliver targeted advertisements, tracking the users activities, etc. While platforms such as iOS address privacy aspects in many ways (iOS 6 removed access to the unique device token for application developers, apps have limited access to the filesystem, etc.), we show that the combination of semi-stable characteristics of these devices (e.g. the list of installed apps) can be used to uniquely identify devices and thus invade the user’s privacy. In this talk, we present methods for the generation of robust device fingerprints and discuss mitigation strategies to limit tracking possibilities and thus raise privacy.
Sebastian Schrittwieser heads the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks https://www.jrz-target.at and is a lecturer for IT security at the University of Applied Sciences St. Pölten, Austria. He received a doctoral degree in informatics with focus on information security from the Vienna University of Technology in 2014. Sebastian’s research interests include, among others, network analysis, digital forensics, binary analysis, and mobile security. Furthermore, Sebastian is a senior expert at Kibosec GmbH.