Page:Not Your Average App, A Large-scale Privacy Analysis of Android Browsers.pdf/1

ABSTRACT

The privacy-related behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one hand, they can have access to (and can expose) a unique combination of sensitive user data, from users' browsing history to permission-protected personally identifiable information (PII) such as unique identifiers and geolocation. On the other hand, they are in a unique position to protect users' privacy by limiting data sharing with other parties by implementing adblocking features.

In this paper, we perform a comparative and empirical analysis on how hundreds of Android web browsers protect or expose user data during browsing sessions. To this end, we collect the largest dataset of Android browsers to date, from the Google Play Store and four Chinese app stores. Then, we develop a novel analysis pipeline that combines static and dynamic analysis methods to find a wide range of privacy-enhancing (e.g., ad-blocking) and privacy-harming behaviors (e.g., sending browsing histories to third parties, not validating TLS certificates, and exposing PII—including non-resettable identifiers—to third parties) across browsers. We find that various popular apps on both Google Play and Chinese stores have these privacy-harming behaviors, including apps that claim to be privacy-enhancing in their descriptions. Overall, our study not only provides new insights into important yet overlooked considerations for browsers' adoption and transparency, but also that automatic app analysis systems (e.g., sandboxes) need context-specific analysis to reveal such privacy behaviors.

1 INTRODUCTION

Mobile browsers (i.e., apps that allow users to visit websites) are complex, powerful, and poorly understood software systems that account for 55% of global website visits [119]. Their critical role as one of the primary gateways to the web, and the rich set of features that they support, make mobile browsers a particularly interesting platform to study from a privacy perspective. On the one hand, mobile browsers can enhance user privacy in unique ways by implementing features such as blocking web trackers and advertisers, enforcing secure network protocols wherever possible, and minimizing personal data exposure [75, 81, 96, 97, 130]. However, they can also inflict privacy harms by harvesting and exposing permission-protected information such as unique identifiers or user geolocation to third parties (as is commonly found in non-browser apps), or indirectly by making them available to website scripts via JavaScript APIs. Further, they may expose browser-specific sensitive data such as users' browsing history or credentials to third-parties due to poor design choices or a need to generate revenue, potentially at the expense of user privacy [42, 108, 113, 130].

Despite their potential for harm, the research community has largely overlooked the privacy threats inherent to mobile browsers. Early studies focused on a small set of browsers [74, 128] and identified isolated cases of "privacy protecting" browsers deceiving their userbase and abusing their access to personal and browsing data for tracking purposes [71, 102]. In this paper, we augment the state-of-the-art by conducting the first large-scale, systematic, and multidimensional analysis of the privacy behavior of 424 Android browsers available in public app markets (including the Google Play Store and four Chinese markets) and others pre-loaded by certain phone vendors. Specifically, we study and characterize: (1) how mobile browsers help or harm users' privacy during the course of web browsing sessions; (2) what additional permission-protected personal data mobile browsers collect and share with other parties, and the implications of such data collection; and (3) how the combination of these behaviors impacts the overall privacy disposition of the mobile browsers in our dataset.

While there is a significant amount of work on mobile app privacy space in general, the study of mobile browsers poses unique

KEYWORDS

android, privacy, mobile browsers

This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license visit https://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. Proceedings on Privacy Enhancing Technologies YYYY(X), 1–18 © YYYY Copyright held by the owner/author(s). https://doi.org/XXXXXXX.XXXXXXX