EXADPrinter: Exhaustive Permissionless Device Fingerprinting Within the Android Ecosystem
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Toggle fullscreen mode | F |
Select next subtitles | C |
Select next audio track | A |
Toggle automatic slides maximization | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Seek 1 frame backward | alt + left arrow |
Seek 1 frame forward | alt + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | < |
Increase playback rate | > |
Seek to end | end |
Seek to beginning | beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
Android is the dominant mobile operating system, powering more than 70% of the global mobile market and presenting a significant opportunity for user tracking. As privacy regulations tighten around how personal data can be used and collected, trackers are looking for alternatives that are under less scrutiny to evade detection. Device fingerprinting has emerged as a key solution, allowing trackers to create identifiers without user consent in a stealthy manner. Despite the extensive research on fingerprinting done from a web browser in the past decade, device fingerprinting on Android remains relatively understudied, with limited literature exploring its specific techniques and implications for user privacy. In this study, we introduce EXADPrinter, a novel exhaustive permissionless device fingerprinting framework targeting Android devices. Without requiring permissions, our framework extracts over 200,000 properties per device by leveraging methods such as Java reflection and execution of shell commands. Through a dedicated Android application and a 6-month data collection, we gathered over 1151 fingerprints coming from 833 different Android devices, covering 41 manufacturers and 7 Android versions ranging from 9 to 15. Through our framework, we demonstrate that diverse data can be collected about the device hardware, the operating system running on it, and the user, without requiring special permissions. We show that combining a few attributes without any IDs or personal information is enough to uniquely identify each device of our dataset, painting a bleak picture of the current state of the Android ecosystem. Moreover, our framework highlights the negative impact of custom operating systems and manufacturer-specific customizations as they enhance the device fingerprinting effectiveness. Furthermore, EXADPrinter uncovers some leakage of sensitive information caused essentially by manufacturer customizations, including the exposure of user emails, emergency contacts, and persistent identifiers such as SIM identifiers.
Other media in the channel "2025"
7 views, 7 this year, 7 this monthMetadata Protection in Instant Messaging Applications: a ReviewJuly 3rd, 2025
4 views, 4 this year, 4 this monthThe Even Darker Web - Dirty tricks and questionable code choices on some of the world's largest websitesJuly 4th, 2025
13 views, 13 this year, 13 this monthAnalyzing Microarchitectural Side-Channel Attacks Using Open-source gem5 simulatorJuly 3rd, 2025
8 views, 8 this year, 8 this monthFun with flags: How Compilers Break and Fix Constant-Time CodeJuly 3rd, 2025
11 views, 11 this year, 11 this monthSecrets at Sea: Hunting Exposed Code & Container RegistriesJuly 3rd, 2025
9 views, 9 this year, 9 this monthRootAsRole: Simplifying Linux Privileges and Fortifying Ansible DeploymentsJuly 3rd, 2025