#SECTORCA BlackHatEvents

HyTrack: Tracking You Across Apps and the Web Hydra-Style
Malte Wessels

About me
PhD Student, Institute for Application Security / TU Braunschweig
Interested in all things Security and Privacy
CTF CyberTaskForce Zero
Helping at datarequests.org

Image: Adrien, Unsplash License

Tracking
Most app devs want to make revenue.
Apps often use tracking
E.g., "User uses App X, Feature Y, likes Thing Z"
to profile users for personalized ads.
To sell user data directly.

Tracking Providers
Developers resort to third-party SDKs and libraries.
Tracking or Advertisement providers offer solutions.
Our assumption: One (fictional) tracking provider used by multiple apps.

Sandbox
https:/

Current Tracking Techniques
Google AD ID (Android)
Identifier for Advertisers (IDFA) (iOS)
38400000-8CF0-11BD-B23E-10B96E40000D
EA7583CD-A667-48BC-B806-42ECB2B48606
00000000-0000-0000-0000-000000000000
00000000-0000-0000-0000-000000000000
USER

Fingerprinting
Android Version
Supported APIs
Screen Dimensions
CPU and GPU Timings
Volatile
External Factors
Updates, etc.

Image: George Prentzas, Unsplash License

We present a new tracking technique on Android: HyTrack

Web Content on Android
Four ways!
1st: Fire an ACTION_VIEW Intent (IPC Message).
Opens the browser and loads the page.

WebView
Embed web content component.
No batteries included.
Have to implement browser features yourself.
History of security issues.

Custom Tabs
Open a special browser tab inside your app.
Share the browser state with the browser.
The look of the URL bar is customizable.
+ Users are already logged in due to