Bug Fixes, Improvements, ... and Privacy Leaks: A Longitudinal Study of PII Leaks Across Android App Versions

Transcript of the slide deck (11 pages)

Page 1: Title

Bug Fixes, Improvements, ... and Privacy Leaks: A Longitudinal Study of PII Leaks Across Android App Versions

Jingjing Ren∗, Martina Lindorfer†, Daniel J. Dubois∗, Ashwin Rao‡, David Choffnes∗, Narseo Vallina-Rodriguez§

∗Northeastern University, †UC Santa Barbara, ‡University of Helsinki, §IMDEA Networks Institute and ICSI

Sponsored by:

Page 2: Motivation

Screenshots of app store listings whose update notes read only "bug fixes and performance improvements":

- JOANN - Crafts & Coupons (Jo-Ann Stores). Rated Everyone. Downloads 25,220. Lifestyle. "The same coupons & offers you love, PLUS the option to create & share content." WHAT'S NEW: "Bug fixes and performance improvements."
- Android Messages, 17 MB.
- Google Docs (Google, Inc.). 4.6 stars, 4+. Version History: Version 1.2018.04203, 3 days ago: "Bug fixes and performance improvements".
- YouTube: Watch, Listen, Stream. Jul 23, 2018. UPDATE: "General fixes and stability improvements."

Page 3: Evolution of Privacy in Mobile Devices

[Bar chart: JOANN location leak frequency, one bar per version; x-axis "Number of Times" (0 to 100), y-axis "Version"; bar values legible in the extraction: 0, 35, 36, 84, 50, 68, 80; callout: 3,545 times in a week]

How does mobile privacy evolve over time?

Page 4: What Do I Mean by "Privacy" in This Work?

- What information is shared? Personally Identifiable Information (PII): tracking ID, user information, location, contact, ...
- How is it being shared? Transport security: plaintext or encrypted
- Where is it going? Destination party: first party (app owner) or third party (advertising & analytics)

Why do we care?
- Data aggregation
- Eavesdropping attack

Page 5: Experiment Methodology

Selecting apps
- 512 Android apps, 7,665 unique versions (APKs), 8 years

Interaction with apps
- Manual is good, ... but not scalable
- Automated and scripted interaction: Monkey!
  - Randomly generated events with good coverage
  - Login and replay across the versions

MITM proxy to intercept HTTP(S) traffic

PII detection: ReCon + manual validation

Page 6: Privacy Attributes

[Figure: each observed leak is described along three axes]
- PII types: Password, Gender, Location, Android ID, GSF ID, Ad ID
- Transport: HTTPS or HTTP
- Destination party: 1st party (e.g., instagram.com) or 3rd party (e.g., tracking.com)
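How the MITM-proxy pipeline from the methodology slide and the three attributes on this slide combine into a per-version leak summary, as an added Python example (not ReCon and not the authors' code). It assumes a constructed test-account profile (the login-and-replay setup means the detector knows the exact values to look for), constructed intercepted flows for two hypothetical app versions, and a hypothetical first-party domain list; the two-label domain check is a simplification of a public-suffix lookup.

```python
"""Classify intercepted app traffic along the three axes from the slides:
which PII is sent, over HTTP or HTTPS, and to a first or third party, then
summarise leaks per app version. Added example; not ReCon or the authors' code."""
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Constructed test-account profile: the proxy looks for these exact values,
# which is what a login-and-replay setup makes possible.
PROFILE = {
    "password": "Tr0ub4dor&3",
    "email": "tester@example.com",
    "android_id": "9774d56d682e549c",
    "gsf_id": "3e1b8a5f9c2d4e7a",
    "ad_id": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "gender": "female",
    "location": ("42.3398", "-71.0892"),  # lat, lon: both must appear
}

# Hypothetical: domains owned by the app developer (first party).
FIRST_PARTY_DOMAINS = {"pinterest.com"}


def registrable_domain(host):
    """Crude eTLD+1 (last two labels); a real pipeline would use the PSL."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def destination_party(host):
    return "1st" if registrable_domain(host) in FIRST_PARTY_DOMAINS else "3rd"


def _contains(haystack, value):
    """Whole-token match so 'male' does not fire inside 'female'."""
    pattern = r"(?<![a-z0-9])" + re.escape(value.lower()) + r"(?![a-z0-9])"
    return re.search(pattern, haystack) is not None


def find_pii(url, body):
    """PII types whose known values appear in the URL or body.
    Percent-decoding first catches 'Tr0ub4dor%263' as well as the raw value."""
    haystack = unquote_plus(url + "\n" + body).lower()
    found = set()
    for pii, value in PROFILE.items():
        if pii == "location":
            if all(_contains(haystack, v) for v in value):
                found.add(pii)
        elif _contains(haystack, value):
            found.add(pii)
    return found


def classify(flow):
    """flow: {'version', 'url', 'body'} -> list of (pii, transport, party)."""
    parts = urlsplit(flow["url"])
    transport = "HTTPS" if parts.scheme == "https" else "HTTP"
    party = destination_party(parts.hostname or "")
    return [(pii, transport, party)
            for pii in sorted(find_pii(flow["url"], flow.get("body", "")))]


def leaks_per_version(flows):
    """Counter keyed by (version, pii, transport, party)."""
    counts = Counter()
    for flow in flows:
        for triple in classify(flow):
            counts[(flow["version"],) + triple] += 1
    return counts


def new_leaks_between_versions(flows, version_order):
    """For each version after the first, the (pii, transport, party) triples
    absent from the previous version: the regressions an update note never
    mentions."""
    per_version = {v: set() for v in version_order}
    for flow in flows:
        per_version[flow["version"]].update(classify(flow))
    return {cur: sorted(per_version[cur] - per_version[prev])
            for prev, cur in zip(version_order, version_order[1:])}


# Constructed flows standing in for MITM-proxy captures of two app versions.
FLOWS = [
    {"version": "1.0", "url": "https://api.pinterest.com/v1/login",
     "body": "user=tester%40example.com&pass=Tr0ub4dor%263"},
    {"version": "1.0", "url": "http://tracking.example/ping?aid=9774d56d682e549c",
     "body": ""},
    {"version": "1.1", "url": "https://api.pinterest.com/v1/login",
     "body": "user=tester%40example.com&pass=Tr0ub4dor%263"},
    {"version": "1.1",
     "url": "http://tracking.example/ping?aid=9774d56d682e549c&pw=Tr0ub4dor%263",
     "body": ""},
    {"version": "1.1", "url": "https://ads.example/event",
     "body": '{"gender":"female","lat":"42.3398","lon":"-71.0892",'
             '"adid":"38400000-8cf0-11bd-b23e-10b96e40000d"}'},
]

if __name__ == "__main__":
    for key, n in sorted(leaks_per_version(FLOWS).items()):
        print(key, n)
    print(new_leaks_between_versions(FLOWS, ["1.0", "1.1"]))
```

In the constructed data, version 1.1 starts sending the password over plaintext HTTP to a third-party host, which is the kind of regression the Pinterest case study reports; `new_leaks_between_versions` surfaces exactly those triples. Matching on decoded, whole-token values is what keeps a form-encoded password from slipping past the detector while avoiding false hits on substrings.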

Page 7: Case study: Pinterest

[Figure: leaks per Pinterest version, grouped by PII type with total counts in parentheses: Password (2), Gender (3), Location (4), Android ID (232), GSF ID (1); markers distinguish HTTPS from HTTP and 3rd party from 1st party]

High variance in privacy risks across versions
- Sends password to a third party in 2 out of 12 versions
- More types (gender, location, Android ID etc.) are leaked
- Increased frequency for Android ID
- HTTPS is used only ...

Jan. 5, 2017: disclosed
Feb. 7, 2017: fixed

Page 8: Aggregate Trends in Privacy

- PII leaks can change substantially across versions
- HTTPS adoption is slow: it takes apps years to adopt HTTPS for supported domains
- Third-party tracking is pervasive and broad
  - Evolving tracking systems: hard-coded ID => resettable Ad ID
  - Permanent linkage between tracking ID and PII: >100 domains

Page 9: Is Privacy Getting Better or Worse?

[Line chart: combined privacy over time; legend entry: <PII, Destination>; y-axis from 0.35 to 0.7; x-axis labels not recoverable from the extraction]

Combined privacy worsens over time
- Mainly due to more PII types and more domains

Page 10: Conclusion

- Privacy has worsened over time
  - PII leaks can change substantially across versions
  - HTTPS adoption is slow
  - Third-party tracking is pervasive and broad
- Need for continuous monitoring
  - ReCon, Lumen, AntMonitor etc.

Page 11: Should You Update Your App?

[Screenshots of the project web site showing privacy leaks across app versions; remaining text not recoverable from the extraction]

https://recon.meddle.mobi/appversions/