• henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    37
    arrow-down
    1
    ·
    10 months ago

    Mixed feelings about this article. In short, it presents a new way of fingerprinting devices.

    While it’s an interesting fingerprinting strategy, this is just one of many ways that a device can be fingerprinted. Do your best to avoid installing applications you don’t trust to protect your privacy.

    Also, the recommendations of the article don’t make much sense. Anti malware on Android? Ridiculous and ineffective.

    • LWD@lemm.ee
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      10 months ago

      Is there any better anti-malware solution available to the average (read: not using F-Droid) user than the Google Play Store? If third party cookie blocking in Chrome has shown us anything, it’s that Google prefers to monopolize data collection.

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        12
        ·
        10 months ago

        No. There is no room for anti-malware services in the Android design.

        Such software needs permissions that reach outside of the Android security model to do things like access other application data without its consent.

        Imagine for a moment that you could install anti malware with some kind of super user permission that lets the software access everything it needs to do its job. If so, malware would immediately attempt to use that feature as well, either to steal more of your data or inject itself into other applications.

        Play Services is special because it operates with much higher privileges than third party software can obtain.

        Now, in theory you can still scan applications before they are installed, but I would argue that there’s very limited value in doing so. If you’re installing software from sources you don’t trust, you have bigger problems. You can’t rely on a signature matching engine to detect malware in the general case.