Despite significant effort from the research community in developing privacy leak detection tools, it is still unclear whether apps and ad libraries can hide the fact that they are leaking private information. In fact, all existing analysis tools have strong limitations. We proposed a new approach to privacy leak detection that is not affected by such limitations, and it is also resilient to obfuscation techniques, such as encoding, encryption, performed on private information before it is leaked. Our work is based on black-box differential analysis, and it works in two steps: first, it establishes a baseline of the network behavior of an app; then, it modifies sources of private information, such as the device ID and location, and detects leaks by observing deviations in the resulting network traffic. Unfortunately, differential analysis is not practical enough to analyze modern mobile apps. In fact, their network traffic contains many sources of non-determinism, which, when not handled properly, cause too much noise to correlate output changes with input changes. In this talk we show that such non-determinism can often be explained and eliminated, and it is thus possible to reliably use variations in the network traffic to detect privacy leaks in Android apps. We implemented this approach in a tool, called Agrigento, and we evaluated it on more than one thousand Android apps. Our evaluation shows that our approach works well in practice and outperforms current state-of-the-art techniques. We conclude our talk by discussing several case studies that show how popular apps and ad libraries currently exfiltrate data by using complex combinations of encoding and encryption mechanisms.

2. ●
●
○
○

3. ●
●
○
○
●
○

4. http://i.w.inmobi.com/showad.asm?u-id-map=
iB7WTkCLJvNsaEQakKKXFhk8ZEIZlnL0jqbbYexcBA
XYHH4wSKyCDWVfp+q+FeLFTQV6jS2Xg97liEzDkw+X
NTghe9ekNyMnjypmgiu7xBS1TcwZmFxYOjJkgPOzkI
9j2lryBaLlAJBSDkEqZeMVvcjcNkx+Ps6SaTRzBbYf
8UY=&u-key-ver=2198564

5. ●
●

6. ●
●
IMEI: 12345678

7. ●
●
IMEI: 12345678 http://host.com/?id=39979edb58

8. ●
●
IMEI: 12345678 http://host.com/?id=39979edb58
IMEI: 98765432

9. ●
●
IMEI: 12345678 http://host.com/?id=39979edb58
IMEI: 98765432 http://host.com/?id=bae6a29c9b

19. ●
○
○
○
○
○

20. https://ads.com/show?data=7aca67bfc75d7816a1d907fb834c8f69
https://ads.com/register?id=732d064f-a465-0414-07f9-ff7d4c27544c
https://auth.domain.com/user/sign
UUIDs: [732d064f-a465-0414-07f9-ff7d4c27544c]
Timestamps: [146897456, 146897562]
Decryption map: {"7aca67bfc75d7816a1d907fb834c8f69"=>"146897456_c734f4ec"}
https://ads.com/show?data=<TIMESTAMP>_c734f4ec
https://ads.com/register?id=<RANDOM_UUID>
https://auth.domain.com/user/sign

21. https://ads.com/show?data=7aca67bfc75d7816a1d907fb834c8f69
https://ads.com/register?id=732d064f-a465-0414-07f9-ff7d4c27544c
https://auth.domain.com/user/sign
UUIDs: [732d064f-a465-0414-07f9-ff7d4c27544c]
Timestamps: [146897456, 146897562]
Decryption map: {"7aca67bfc75d7816a1d907fb834c8f69"=>"146897456_c734f4ec"}
https://ads.com/show?data=<TIMESTAMP>_c734f4ec
https://ads.com/register?id=<RANDOM_UUID>
https://auth.domain.com/user/sign

22. https://ads.com/show?data=7aca67bfc75d7816a1d907fb834c8f69
https://ads.com/register?id=732d064f-a465-0414-07f9-ff7d4c27544c
https://auth.domain.com/user/sign
UUIDs: [732d064f-a465-0414-07f9-ff7d4c27544c]
Timestamps: [146897456, 146897562]
Decryption map: {"7aca67bfc75d7816a1d907fb834c8f69"=>"146897456_c734f4ec"}
https://ads.com/show?data=<TIMESTAMP>_c734f4ec
https://ads.com/register?id=<RANDOM_UUID>
https://auth.domain.com/user/sign

23. https://ads.com/show?data=7aca67bfc75d7816a1d907fb834c8f69
https://ads.com/register?id=732d064f-a465-0414-07f9-ff7d4c27544c
https://auth.domain.com/user/sign
UUIDs: [732d064f-a465-0414-07f9-ff7d4c27544c]
Timestamps: [146897456, 146897562]
Decryption map: {"7aca67bfc75d7816a1d907fb834c8f69"=>"146897456_c734f4ec"}
https://ads.com/show?data=<TIMESTAMP>_c734f4ec
https://ads.com/register?id=<RANDOM_UUID>
https://auth.domain.com/user/sign

24. Instrumented Environment
#1
Run
App
Sources of Leak

25. Contextual Info
Network Trace
Contextualized TraceInstrumented Environment
#1
Run
App
Sources of Leak

26. Contextual Info
Network Trace
Contextualized TraceInstrumented Environment
Contextualized Trace
#1
Run
#n
Run
...
App
Sources of Leak
......
App
Sources of Leak Contextual Info
Network Trace
Instrumented Environment

27. Contextual Info
Network Trace
Contextualized TraceInstrumented Environment
Contextualized Trace
#1
Run
#n
Run
... Network Behavior
Summary
App
Sources of Leak
Phase 1: Network Behavior
Summary Extraction
......
App
Sources of Leak Contextual Info
Network Trace
Instrumented Environment

28. Contextual Info
Network Trace
Contextualized TraceInstrumented Environment
Contextualized Trace
#1
Run
#n
Run
... Network Behavior
Summary
Contextualized Trace
Final
Run
App
Sources of Leak
Phase 1: Network Behavior
Summary Extraction
......
App
Sources of Leak
App
Sources of Leak
Contextual Info
Network Trace
Contextual Info
Network Trace
Instrumented Environment
Instrumented Environment Phase 2: Differential Analysis

29. Contextual Info
Network Trace
Contextualized TraceInstrumented Environment
Contextualized Trace
#1
Run
#n
Run
... Network Behavior
Summary
Contextualized Trace
Final
Run
App
Sources of Leak
Differential
Analysis
Phase 1: Network Behavior
Summary Extraction
Phase 2: Differential Analysis
......
App
Sources of Leak
App
Sources of Leak
Contextual Info
Network Trace
Contextual Info
Network Trace
Instrumented Environment
Instrumented Environment

30. Contextual Info
Network Trace
Contextualized TraceInstrumented Environment
Contextualized Trace
#1
Run
#n
Run
... Network Behavior
Summary
Contextualized Trace
Final
Run
App
Sources of Leak
Differential
Analysis
Leaks
Phase 1: Network Behavior
Summary Extraction
Phase 2: Differential Analysis
......
App
Sources of Leak
App
Sources of Leak
Contextual Info
Network Trace
Contextual Info
Network Trace
Instrumented Environment
Instrumented Environment

31. Contextual Info
Network Trace
Contextualized TraceInstrumented Environment
Contextualized Trace
#1
Run
#n
Run
... Network Behavior
Summary
Contextualized Trace
Final
Run
App
Sources of Leak
Differential
Analysis
Leaks
Phase 1: Network Behavior
Summary Extraction
Phase 2: Differential Analysis
......
App
Sources of Leak
App
Sources of Leak
Contextual Info
Network Trace
Contextual Info
Network Trace
Instrumented Environment
Instrumented Environment

32. ●
○
○
●
○
○
○
○

33. ●
●

35. https://h.online-metrix.net/fp/clear.png?ja=33303426773f3a39
30643667663b33383831303d343526613f2d363830247a3f363026663d33
3539347a31323838266c603d687c7672253163253066253066616f6e7465
6e762f6a732c746370626f7926636f652466723f6a747670253161273266
253266616d6d2e65616f656b69726b7573267270697867636e617730266a
683d65616437613732316431353c65613a31386e67606563303736363936
34343363266d64643f6561633336303b64336a3935316663303666636137
3261363a61616335636761266d66733f353b32306d383230613230643b65
34643934383a31663636623b32323767616126616d65613d313933333133
3331333131333133312661743d6365656e765f6f6f6a696c6d26617e3f76
72777174666566676e6665722b6d6f606b6c652733632b392e3226342d3b
...

36. https://h.online-metrix.net/fp/clear.png?ja=33303426773f3a3930643667663b3338
3831303d343526613f2d363830247a3f363026663d333539347a31323838266c603d687c7672
253163253066253066616f6e74656e762f6a732c746370626f7926636f652466723f6a747670
253161273266253266616d6d2e65616f656b69726b7573267270697867636e617730266a683d
65616437613732316431353c65613a31386e6760656330373636393634343363266d64643f65
61633336303b64336a39353166633036666361373261363a61616335636761266d66733f353b
32306d383230613230643b6534643934383a31663636623b32323767616126616d65613d3139
333331333331333131333133312661743d6365656e765f6f6f6a696c6d26617e3f7672777174
666566676e6665722b6d6f606b6c652733632b392e3226342d3b...

37. https://github.com/ucsb-seclab/agrigento

38. andrea.continella@polimi.it
https://conand.me
@_conand

40. String aid = class.getDeclaredMethod( "getAndroidId" ,
Context. class).invoke(context); // get Android ID by Reflection
MessageDigest sha1 = getInstance( "SHA-1"); // hash
sha1.update(aid.getBytes());
byte[] digest = sha1.digest();
Random random = new Random(); // generate random key
int key = random.nextint();
// XOR Android ID with the randomly generated key
byte[] xored = customXOR(digest, key);
String encoded = Base64.encode(xored);
// send the encrypted value and key to ad server
HttpURLConnection conn = url.openConnection();
conn.write(Base64.encode(encoded).getBytes());
conn.write(("key=" + key).getBytes());

41. String aid = class.getDeclaredMethod( "getAndroidId" ,
Context. class).invoke(context); // get Android ID by Reflection
MessageDigest sha1 = getInstance( "SHA-1"); // hash
sha1.update(aid.getBytes());
byte[] digest = sha1.digest();
Random random = new Random(); // generate random key
int key = random.nextint();
// XOR Android ID with the randomly generated key
byte[] xored = customXOR(digest, key);
String encoded = Base64.encode(xored);
// send the encrypted value and key to ad server
HttpURLConnection conn = url.openConnection();
conn.write(Base64.encode(encoded).getBytes());
conn.write(("key=" + key).getBytes());

42. String aid = class.getDeclaredMethod( "getAndroidId" ,
Context. class).invoke(context); // get Android ID by Reflection
MessageDigest sha1 = getInstance( "SHA-1"); // hash
sha1.update(aid.getBytes());
byte[] digest = sha1.digest();
Random random = new Random(); // generate random key
int key = random.nextint();
// XOR Android ID with the randomly generated key
byte[] xored = customXOR(digest, key);
String encoded = Base64.encode(xored);
// send the encrypted value and key to ad server
HttpURLConnection conn = url.openConnection();
conn.write(Base64.encode(encoded).getBytes());
conn.write(("key=" + key).getBytes());

43. String aid = class.getDeclaredMethod( "getAndroidId" ,
Context. class).invoke(context); // get Android ID by Reflection
MessageDigest sha1 = getInstance( "SHA-1"); // hash
sha1.update(aid.getBytes());
byte[] digest = sha1.digest();
Random random = new Random(); // generate random key
int key = random.nextint();
// XOR Android ID with the randomly generated key
byte[] xored = customXOR(digest, key);
String encoded = Base64.encode(xored);
// send the encrypted value and key to ad server
HttpURLConnection conn = url.openConnection();
conn.write(Base64.encode(encoded).getBytes());
conn.write(("key=" + key).getBytes());

44. String aid = class.getDeclaredMethod( "getAndroidId" ,
Context. class).invoke(context); // get Android ID by Reflection
MessageDigest sha1 = getInstance( "SHA-1"); // hash
sha1.update(aid.getBytes());
byte[] digest = sha1.digest();
Random random = new Random(); // generate random key
int key = random.nextint();
// XOR Android ID with the randomly generated key
byte[] xored = customXOR(digest, key);
String encoded = Base64.encode(xored);
// send the encrypted value and key to ad server
HttpURLConnection conn = url.openConnection();
conn.write(Base64.encode(encoded).getBytes());
conn.write(("key=" + key).getBytes());

45. String aid = class.getDeclaredMethod( "getAndroidId" ,
Context. class).invoke(context); // get Android ID by Reflection
MessageDigest sha1 = getInstance( "SHA-1"); // hash
sha1.update(aid.getBytes());
byte[] digest = sha1.digest();
Random random = new Random(); // generate random key
int key = random.nextint();
// XOR Android ID with the randomly generated key
byte[] xored = customXOR(digest, key);
String encoded = Base64.encode(xored);
// send the encrypted value and key to ad server
HttpURLConnection conn = url.openConnection();
conn.write(Base64.encode(encoded).getBytes());
conn.write(("key=" + key).getBytes());

46. randomUUID()
123456

47. ●
●
●

48. ●
●
○
●
○