OCScraper: Automated Analysis of the Fingerprintability of the iOS API

Gerald Palfinger; Gerald Palfinger

doi:10.5220/0012089600003555

OCScraper: Automated Analysis of the Fingerprintability of the iOS API

Gerald Palfinger, Gerald Palfinger

2023

Abstract

Tracking has allowed application providers to offer the vast majority of their applications for free as it allows them to target advertising. However, tracking has proven to be an invasion of user privacy. To counter this, operating system vendors have removed access to unique identifiers in their APIs. Nevertheless, applications can still combine other non-unique data from the device to create a unique fingerprint. Until now, it has not been well understood what kind of information is available to do so on iOS. This paper addresses this gap by introducing the OCScraper framework, a tool for automatically discovering fingerprintable information sources on iOS devices. OCScraper does this by systematically crawling the API of the operating system. In the process, it creates objects on which methods are called and properties are queried. In our evaluation, we show that OCScraper can successfully invoke a large number of methods and retrieve the majority of parameters. We discover hundreds of robust information sources that provide distinct bits of information which can be used to create a cross-application fingerprint.

Download

Paper Citation

in Harvard Style

Palfinger G. (2023). OCScraper: Automated Analysis of the Fingerprintability of the iOS API. In Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-666-8, SciTePress, pages 433-441. DOI: 10.5220/0012089600003555

in Bibtex Style

@conference{secrypt23,
author={Gerald Palfinger},
title={OCScraper: Automated Analysis of the Fingerprintability of the iOS API},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2023},
pages={433-441},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012089600003555},
isbn={978-989-758-666-8},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - OCScraper: Automated Analysis of the Fingerprintability of the iOS API
SN - 978-989-758-666-8
AU - Palfinger G.
PY - 2023
SP - 433
EP - 441
DO - 10.5220/0012089600003555
PB - SciTePress