Research And Implementation Of Fingerprinting Based Android Device Identification

Nowadays, smart terminals become more and more popular. Among them, Android system plays a dominant role. In the process of its development, device identification technology, which means that how to distinguish particular terminal from others by extracting device fingerprint, is widely used in many fields such as accurate delivery of mobile ads, secure authentication and access control. This technology has important theoretical significance and practical value. However, current methods used to identify Android devices are all based on explicit identifiers. Some explicit identifiers are not very reliable and can be removed, tampered and forged. Other explicit identifiers require sensitive permission and can cause problems such as abuse of permission and user privacy leakage.To solve these problems, this thesis extracts implicit identifiers from application and browser under the premise of zero permission, and combines them to create device fingerprint and browser fingerprint respectively. Then we design appropriate device fingerprint matching and classification algorithms to implement Android device identification. Specifically, the main work includes the following 3 aspects.1. This thesis studies Android device fingerprint based on implicit identifiers. We extract 38 and 17 implicit identifers from application and browser respectively. These implicit identifiers cover features of device layer, application layer and user layer. Then we do theoretical math analysis on implicit identifiers based fingerprinting. We also collect real user device fingerprints to create fingerprint datasets and do feature selection based on the datasets.2. This thesis converts device identification to classification problem and gives evaluation methods and criteria of device fingerprint matching algorithm. Then two different types of fingerprint matching algorithms are designed, one of which contains the exact matching algorithm and the associated matching algorithm, and the other is based on naive bayes classifier. Experiments show that the exact matching algorithm is suit for browser fingerprint identification while the associated matching algorithm may cause high false positive rate. The associated matching algorithm and naive bayes classifier based algorithm are both suit for application fingerprint identification. The former one achieves very low false positive rate and relatively high false negative rate, and the latter one can reduce false negative rate further and maintains low false positive rate.3. Integrating above research of Android device identification technology, application-oriented and browser-oriented identification modules are implemented respectively. The device identification function library and browser identification script library are used to generate and upload fingerprints, and server is responsible for identification process. Finally, we implement the whole prototype system and conduct test verification.In summary, this thesis studies and implements Android device identification technology. Unlike the traditional methods which are based on explicit identifiers, combination of implicit identifiers is introduced to create device fingerprint. And then we. design corresponding fingerprint matching algorithms. Finally, we present a technology solution which can effectively identify Android smart terminals.