A lightweight user tracking method for app providers

Since 2013, Google and Apple no longer allow app providers to use the persistent device identifiers (Android ID and UDID) for user tracking on mobile devices. Other tracking options provoke either severe privacy concerns, need additional hardware or are only practicable by a limited number of companies. In this paper, we present a lightweight method that overcomes these weaknesses by using the set of installed apps on a device to create a unique fingerprint. The method was evaluated in a field study with 2410 users and 175,658 installed apps in total. The sets of these installed apps are unique in 99.75% of all inspected users. Furthermore, by reducing the granularity from apps to app categories to lessen users' privacy concerns, the results remain highly unique with an identification rate of 96.22%. Since the information of installed apps and app categories on each device is freely available for any app developer, the method is a valuable instrument for app providers.

[1]  Jakob Hasse,et al.  Forensic identification of GSM mobile phones , 2013, IH&MMSec '13.

[2]  V. Esichaikul,et al.  An empirical study of the effects of permission on mobile advertising effectiveness , 2010, PICMET 2010 TECHNOLOGY MANAGEMENT FOR GLOBAL ECONOMIC GROWTH.

[3]  Alexander Ilic,et al.  Reality-Mining with Smartphones: Detecting and Predicting Life Events based on App Installation Behavior , 2015, ICIS.

[4]  Wouter Joosen,et al.  On the Workings and Current Practices of Web-Based Device Fingerprinting , 2014, IEEE Security & Privacy.

[5]  César A. Hidalgo,et al.  Unique in the Crowd: The privacy bounds of human mobility , 2013, Scientific Reports.

[6]  Alex Pentland,et al.  Predicting Personality Using Novel Mobile Phone-Based Metrics , 2013, SBP.

[7]  David N. Chin,et al.  Social Media Sources for Personality Profiling , 2014, UMAP Workshops.

[8]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[9]  Claude Castelluccia,et al.  On the Unicity of Smartphone Applications , 2015, WPES@CCS.

[10]  Claude Castelluccia,et al.  The Leaking Battery - A Privacy Analysis of the HTML5 Battery Status API , 2015, DPM/QASA@ESORICS.

[11]  James Bailey,et al.  Is this you?: identifying a mobile user using only diagnostic features , 2014, MUM.

[12]  Alexander Ilic,et al.  Towards Understanding the Impact of Personality Traits on Mobile App Adoption - A Scalable Approach , 2015, ECIS.

[13]  Prasant Mohapatra,et al.  Predicting user traits from a snapshot of apps installed on a smartphone , 2014, MOCO.