
HyTrack: Tracking You Across Apps and the Web Hydra-Style.pdf

Uploaded by: 竿*** ID: 982106 2025-11-29 61 pages 6.46MB

#SECTORCA BlackHatEvents

HyTrack: Tracking You Across Apps and the Web Hydra-Style
Malte Wessels

About me
PhD Student, Institute for Application Security / TU Braunschweig
Interested in all things Security and Privacy
CTF: CyberTaskForce Zero
Helping at datarequests.org

Image: Adrien, Unsplash License

Tracking
Most app devs want to make revenue.
Apps often use tracking
E.g., "User uses App X, Feature Y, likes Thing Z"
to profile users for personalized ads.
To sell user data directly.

Tracking Providers
Developers resort to third-party SDKs and libraries.
Tracking or Advertisement providers offer solutions.
Our assumption: One (fictional) tracking provider used by multiple apps.

Sandbox

Sandbox
https:/

Current Tracking Techniques
Google AD ID (Android)
Identifier for Advertisers (IDFA) (iOS)
38400000-8CF0-11BD-B23E-10B96E40000D
EA7583CD-A667-48BC-B806-42ECB2B48606
00000000-0000-0000-0000-000000000000
00000000-0000-0000-0000-000000000000
USER

Fingerprinting
Android Version
Supported APIs
Screen Dimensions
CPU and GPU Timings
Volatile
External Factors
Updates, etc.
Image: George Prentzas, Unsplash License

We present a new tracking technique on Android: HyTrack

Web Content on Android
Four ways!
1st: Fire an ACTION_VIEW Intent (IPC Message).
Opens the browser and loads the page.

WebView
Embed web content component.
No batteries included.
Have to implement browser features yourself.
History of security issues.

Custom Tabs
Open a special browser tab inside your app.
Shares the browser state with the browser.
The look of the URL bar is customizable.
+ Users are already logged in due to

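Based on the content of "HyTrack: Tracking You Across Apps and the Web", the key points of the full text are summarized below:

1. **HyTrack technique**: A technique for tracking users through Custom Tabs and Trusted Web Activities (TWAs) in Android apps.
2. **Tracking method**: By sharing browser state in Custom Tabs, different apps can share user data.
3. **Scope of impact**: More than 20% of Android apps have the capability to deploy HyTrack.
4. **Analysis results**: Of 4.4k apps sampled from the Google Play Store, 1.5k were found to use the Custom Tab API and 190 to use the Trusted Web Activity API.
5. **Potential risk**: HyTrack exploits core functionality of Custom Tabs and is difficult to mitigate without breaking that functionality.
6. **User mitigation**: Use an ad blocker such as uBlock Origin to block the deployment of HyTrack.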