7

As a follow-on to these questions:

What unique fingerprinting information can an iOS7 app collect?

What unique device fingerprinting information can an iOS8 app collect?

What unique device fingerprinting information can an iOS9 app collect?

What unique fingerprinting information can an iOS 10 app collect?

What unique device fingerprinting information can an iOS 11 app collect?

Apple Progress since iOS 11:

  • re: Motion Sensors (accelerometer, gyroscope, magnetometer): "On iOS 12 12.2, Apple adopted our suggestion (§VI) and added random noise to the ADC outputs. Apple also removed access to motion sensors from Mobile Safari by default." SENSORID: Sensor Calibration Fingerprinting for Smartphones It's unclear if Apple removed access to motion sensors from apps, or if sensors are covered by the "Motion and Fitness" privacy setting.

  • In iOS 12, Apple has introduced device fingerprinting protections in Safari "by only sharing a simplified system profile". However, it's unclear the extent of these protections, and the extent to which they carry over to app web views or other app system profile access.

Other Open Questions:

  • As always there is basic system info available similar to what any web page can access: IP address, HTTP headers, etc. Many of these are low entropy or can be changed by the user through various means, but it may be possible to combine enough for a reasonable identification. Or for reasonable enough correlation for cross-device tracking.

  • It appears that apps can only get enhanced information about a Wi-Fi hotspot with a special entitlement from Apple (it's not clear to the layperson exactly what information). However, there does appear to be a way to obtain network name of the current Wi-Fi network, which is a problem because it can allow location tracking and therefore also correlations to other people or sensitive places. [See UPDATE below]

  • What uses exist of persistent data stores by apps, or by apps across an app group, that survive app (or app group) deletion? Are there any persistent data stores that survive device erase and restore, that can be accessed by an app after restore?

Are there any other fingerprinting vectors or open questions?

In general, what remaining device fingerprinting privacy / security vulnerabilities still exist as of iOS 12, particularly those that have no user settings or user actions that can thwart them?

UPDATE: Since it's late in the upgrade cycle, some new WWDC information on iOS 13:

  • Location access permission will be required to access the Wi-Fi AP name and MAC address (unless the app is the current VPN or hotspot app). p.86

  • User consent is now required for all CoreBluetooth API’s, "to find and connect to Bluetooth accessories, and allow your device to be found over Bluetooth." p.43

pseudon
  • 1,420
  • 9
  • 20
  • https://www.wsj.com/articles/iphone-privacy-is-brokenand-apps-are-to-blame-11559316401 specifically mentions screen brightness and battery level. Note that battery level is not available to iOS browsers, but is available to apps. – pseudon May 31 '19 at 18:10
  • https://www.washingtonpost.com/technology/2019/05/28/how-limit-iphone-app-tracking/ specifically mentions device name (editable), model, ad identifier (turn "Limit Ad Tracking" on), memory size, and accelerometer motion data (see above). – pseudon May 31 '19 at 18:21

2 Answers2

2

What uses exist of persistent data stores by apps, or by apps across an app group, that survive app (or app group) deletion

If I understood the question correctly, looks like all app-specific keychain items still survive app uninstall (as confirmed by Apple Staff back in Dec 2017). It changed for a while in iOS 10.3 beta, but reverted back by GM and never disappeared since that time (I could not find any evidence of the otherwise; Apple's article on using keychain for developers still says "you'll want to remove password item from the keychain"; it doesn't says a developer should remove everything nor allow for automatic removal of it by iOS).

Moreover, there don't seem to exist any way for end user to remove such app-specific pieces from iOS local keychain.

On the above link, there's email of Apple Developer Relations to further inquire on this as of iOS 12/13.

  • 1
    That's very helpful information. I wouldn't be surprised if Apple shuts this down in the future, but for now, reset to factory seems to be the only way. The only question is whether these keychain items get sync'd to iCloud Keychain. In that case, there is no way around the possibility of having two app accounts linked if you want to re-install an app with a different app user account - other than to not use iCloud Keychain. – pseudon Sep 27 '19 at 16:28
0

Inadvertently added to older question (ios 10), hence why this appears duplicate.

As always there is basic system info available similar to what any web page can access: IP address, HTTP headers, etc. Many of these are low entropy or can be changed by the user through various means, but it may be possible to combine enough for a reasonable identification. Or for reasonable enough correlation for cross-device tracking.

You have answered your own question.

You can be fingeprinted merely through access via a web browser. Given an install on an ios device has in-practice all the capability of a web browser, and more on-top. Look at canvas detection etc. https://browserleaks.com/ is a good example of some basic methods.

Advanced techniques just gather a crapload of data and feed it into AI, the big players, like in most aspects now, don't bother looking into factors too much in-depth, they just hire some maths wizards & let them train AI to do the rest.

If I can run Javascript & HTML, as in a browser, it is possible to fingerprint you to near 100% accuracy - your only mitigation would be pointless as it would take so much effort the cost of doing so would outweight any benefits - In most cases, those whom attempt to avoid fingerprinting only make themselves more unique/distinguishable.

In general, what remaining device fingerprinting privacy / security vulnerabilities still exist as of iOS 10, particularly those that have no user controls or actions that can thwart them?

*All those that exist in any web browser. I agree with you that app/web design should be much more permission-oriented & opt-in. I.e, assign each app as specific permissions as I want to. However, you can never prevent fingeprinting. Fingerprinting is merely correlation. Let me summarise the headache for you: You do everything to mitigate web tracking techniques. However, the NSA/GCHQ have intercepts on all global traffic. They can identify requests chained via proxy or VPN and can correlate them to fingerprint you merely by your connection latency.

Hence: you decide to increase or randomise connection latency. With a small tweak, GCHQ/NSA/whoever else can now identify you (via global taps) by identifying unusual/unique latencies on requests and receive connections (enabled via global taps on all comms).

I realise the example I give is complex and not to do with ios. But you ask an extremely broad question, and to give you an answer: You can be tracked, no matter what measures you take. Including on IOS 10. As discussed already, given I have basic web page capabilities I am already capable, letalone the other features all IOS versions offer.

Just to keep you busy, here's another one: You block your location, cool. The app requires internet connection to work (you want to use it as you have installed the app, so you obviously have no other choice than to permit wifi/internet connection). Gotcha, I now have your location via your wifi/network information thank's to Google's mapping data.

Have fun...

Reality
  • 128
  • 6
  • I doubt the 100% estimate is anywhere near correct on modern iOS versions. Apple has a large installed base, little configurability, users have a high rate of updating to the latest OS, and Apple has been systematically reducing fingerprinting surface area (including specific fingerprinting protections, like fonts and canvas). Not to say fingerprinting is obsolete, just that entropy is decreasing and I want to ID highest remaining risk items. – pseudon Jul 20 '19 at 00:44
  • My interest with these questions is what app makers can determine (routine commercial surveillance) and therefore what user best practices should be against that, rather than whether NSA can analyze endpoint traffic to ID me. iOS 13 as noted doesn't even allow apps to access the AP name without permission anymore, so no surreptitious location tracking. – pseudon Jul 20 '19 at 00:44
  • GPS stands for Global ***positioning*** system. It is merely correlation. Alike google has mapped wifi networks to position you, there are many other such simple techniques. My mistake on the wifi data, but nevertheless there are methods of retreiving this easily even if disallowed - idk if breaking the ios/apple's use terms is in your scope? I included the NSA thing to make the point, no matter the mitigation it cannot be prevented, and 'routine **comercial** surveillance' is actually much more advanced than you might think. At the end of the day 99% of users will not sacrifice the usability. – Reality Jul 20 '19 at 00:53
  • @pseudon I'm not an ios expert. But safariwebkit for sure should be on your hit list. If I can run that thing I can fingerprint you just as accurately as I described. Like I said too, I could - I'm not going to. However, facebook, google etc have the resources & incentive to, and once they've set it up it costs them next to nothing - and earns them alot. I'm not arguing against protections, to the contrary - I'm promoting that more actions be sent through a central permissions system where the user has choice. The solution isn't going to come from blocking unregulated javascript, etc functions – Reality Jul 20 '19 at 00:58
  • I just don't think it's as dire as this answer portrays. Sure, there's no 100% solution (there's also no fingerprint technique that uniquely identifies 100% across all iOS devices), but with appropriate full-device blocking (e.g., DNS- or VPN-based), built-in protections, and user best practices, I hypothesize that fingerprinting tracking (currently still a small fraction of all tracking) can be significantly reduced. – pseudon Jul 20 '19 at 01:19
  • Some apps are smarter than others, some don't fingerprint at all. If some fingerprinting can be thwarted, that's a win. Or, more egregiously invasive apps can be avoided. Most people aren't motivated or savvy enough to do it, but some ca, and they can educate others. – pseudon Jul 20 '19 at 01:20