Implement a patch for individual apps to mitigate sensor based fingerprinting.
It is a further development of my bachelor's project and thesis.
It is about concealing the inherent error values of built-in sensors in mobile devices, by correcting them, to mitigate fingerprinting attempts.
Patching apps with the created mechanism, using the A2P2 Framework, obscures the true error values.
Apps can be fingerprinted based on the calibration error of the sensors within*.
We mask these errors by recalibrationg the sensors and using these values for the patched apps.
At the start of the app a calibration window pops up, if there is no calibration file found.
This makes it possible to calibrate the device only once, and not for every patched app individually.
We use a very simple method to calibrate the sensors.
The device has to placed on a flat surface and the difference between the expected values of 0 and the measured values are recorded and stored in a configuration file readable by any other patched app.
Then this error is subtracted from the raw values.
This reduces the error and brings the values of different devices closer together to make them more difficult to distinguish.
- Java 17 installed - A2P2 jar works on Linux, might not work on Windows.
- An apk from the app you want the patch apply to.
- Download the latest distribution release from A2P2 and extract it.
- Download the latest precompiled version of the patch.
- Execute the command from the A2P2 documentation
java -jar ./distribution/a2p2.jar <app>.apk ! unpack ! apply sensorguard_static.zip static ! pack ! sign ! ./
- Install the patched app on an Android device.
- Setup the A2P2 framework for patch development.
- Clone the project.
- Build the patch from source.
Check out the validation.
In development.