• catloaf@lemm.ee
    link
    fedilink
    English
    arrow-up
    54
    ·
    11 months ago

    tl;dr: the three colors returned by the Android API are probably unique enough to fingerprint your, especially with other data points.

    Doesn’t really seem like a privacy violation to me, though. There are far more unique ways to fingerprint someone if you’re already running your app on their device.

  • henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    37
    arrow-down
    1
    ·
    11 months ago

    Mixed feelings about this article. In short, it presents a new way of fingerprinting devices.

    While it’s an interesting fingerprinting strategy, this is just one of many ways that a device can be fingerprinted. Do your best to avoid installing applications you don’t trust to protect your privacy.

    Also, the recommendations of the article don’t make much sense. Anti malware on Android? Ridiculous and ineffective.

    • LWD@lemm.ee
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      11 months ago

      Is there any better anti-malware solution available to the average (read: not using F-Droid) user than the Google Play Store? If third party cookie blocking in Chrome has shown us anything, it’s that Google prefers to monopolize data collection.

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        12
        ·
        11 months ago

        No. There is no room for anti-malware services in the Android design.

        Such software needs permissions that reach outside of the Android security model to do things like access other application data without its consent.

        Imagine for a moment that you could install anti malware with some kind of super user permission that lets the software access everything it needs to do its job. If so, malware would immediately attempt to use that feature as well, either to steal more of your data or inject itself into other applications.

        Play Services is special because it operates with much higher privileges than third party software can obtain.

        Now, in theory you can still scan applications before they are installed, but I would argue that there’s very limited value in doing so. If you’re installing software from sources you don’t trust, you have bigger problems. You can’t rely on a signature matching engine to detect malware in the general case.

  • Eggyhead@kbin.social
    link
    fedilink
    arrow-up
    9
    ·
    11 months ago

    Basically Android will change its UI coloring to align with your background image, and 3rd parties get access to knowledge about your designated UI colors, right? I get how that can be a privacy concern.

    What happens if you set your wallpaper to automatically change every other hour or so? Does android allow that?

    • sloppy_diffuser@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      12
      ·
      11 months ago

      This is common for scraping even on desktop.

      Dark mode, screen resolution, window size, and installed fonts are all tracking points plus hundreds more.

      As I understand it, randomizing can make you stand out more as an outlier. Its better to blend with the herd. VPNs help by putting a bunch of clients behind the same IP, but if you stand out based on activity, an advanced enough algorithm may pick you out by what’s static and by what’s always changing.

      • Eggyhead@kbin.social
        link
        fedilink
        arrow-up
        8
        ·
        11 months ago

        randomizing can make you stand out more as an outlier

        I’m sure, but if you have a specific set of colors matching a specific picture on your phone that nobody else has, I imagine that would be more easily traceable than if it were automatically switched out every once in a while. Granted, the other aspects you mentioned might be enough to just render the effort redundant anyway.

  • GravitySpoiled@lemmy.ml
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    2
    ·
    11 months ago

    I dealt with this by using only trusted software. Problem solved. Neither kvaesitso nor lemmy or element will abuse it.

      • InternetCitizen2@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        So where do I get some wallpapers? I don’t really care that much how it looks. Just that it looks decent in both light/dark modes and does not clash with icons so its hard to see them.

        • /home/pineapplelover@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          11 months ago

          Just search online somewhere “[something of interest] wallpaper”. You’ll probably find good wallpapers on some wallpaper websites.

      • user@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        11 months ago

        Thas like saying “Tor users are easily fingerprinted because they are using Tor.” GrapheneOS has more than 200,000 users not including the other people on the outside who also have black wallpaper (a lot).

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    4
    ·
    11 months ago

    This only is a problem if you install apps that track you. If you only use F-droid the risks become much lower

  • sabreW4K3@lemmy.tf
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    19
    ·
    edit-2
    11 months ago

    I use Muzei and my wallpaper changes every half hour, so I’m not really affected.

    But even if I was, so the fuck what? If you’re sacrificing your personal enjoyment of your phone for privacy, you’re either a secret agent or you’re overly paranoid.

    Most of us are running adblocking at the DNS level, so what exactly are you worried about?

    Paranoia for the sake of paranoia is stupid!

    • LWD@lemm.ee
      link
      fedilink
      arrow-up
      8
      ·
      11 months ago

      If you’re sacrificing your personal enjoyment of your phone for privacy, you’re either a secret agent or you’re overly paranoid.

      Most of us are running adblocking at the DNS level

      To actually address this, pretty much every privacy improvement you can make on your phone, your computer, or your everyday life comes at the cost of convenience. It’s not impossible to see usability benefits along with privacy ones, like the ad blocking you mentioned, but that’s the exception and not the rule.

      • sabreW4K3@lemmy.tf
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        Let’s be honest though, “don’t set a wallpaper, in case they track you” is extreme. It’s the privacy equivalent of the £1000 Ethernet Cables.