Member-only story
Fingerprinting on Android — Even Without Permissions
Understanding Fingerprinting in the Modern App Ecosystem (2/3)
In this part of the series, we will take a closer look at what Device Fingerprinting means in practice. While Part 1 gave an overview of how fingerprinting works across platforms, this section is for engineers who work at the code level.
We’ll explore what specific data points are used, how they’re combined, and how apps can unintentionally enable fingerprinting just by assembling or including certain SDKs.
I don’t need your permission
Most Android developers are used to thinking about privacy in terms of permissions: camera, location, contacts, and so on.
But what if an app could uniquely identify a device without requesting anything at all?
That’s one of the concerns uncovered in the research paper by Google researchers. The study analysed over 228,000 SDKs across 178,000 Android apps using static taint-flow analysis, uncovering over 500 unique signals used for device fingerprinting.
