undefined | Better HN

0 pointscstross6y ago0 comments

I'm pretty sure you can fingerprint a device by gathering data about the binaries (and versions thereof) installed on it. I'm pretty sure that Facebook also know whose instance of the FB app is running on the device in question. Ergo, the data can be deanonymized and gives them more insights into what their users are doing … including, oh, competing platforms and apps?

The traditional model of computer security assumes that there's one device (the computer) which may have multiple users, so the emphasis is on identifying the user to the device. But today, one user may have one or more computers (smartphones/tablets/laptops), so the emphasis is on linking devices to users and thereby tracking usage patterns across devices. Which lands it straight in GDPR territory.

0 comments

3 comments · 2 top-level

londons_explore6y ago· 1 in thread

> I'm pretty sure you can fingerprint a device by gathering data about the binaries

Actually, probably not. These libraries are the base system image, which is read-only, and typically will only identify which model of phone it is. It might identify you if you have a custom android build you've done yourself though.

jethro_tell6y ago

Shit, there are dozens of us. Dozens

cameronbrown6y ago

No I meant they're outright uploading binaries, not just metadata.

j / k navigate · click thread line to collapse