Not Your Average App: A Large-scale Privacy Analysis of Android Browsers

TL;DR

This study provides a large-scale empirical analysis of Android browsers, revealing both privacy-preserving and privacy-harming behaviors, highlighting the need for context-aware analysis tools.

Contribution

It introduces a novel combined static and dynamic analysis pipeline and presents the largest dataset of Android browsers for privacy behavior evaluation.

Findings

Many popular browsers exhibit privacy-harming behaviors.

Some browsers claiming privacy features still send user data to third parties.

Automatic analysis systems need context-specific methods to detect privacy issues.

Abstract

The transparency and privacy behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one end, they can have access to (and can expose) a unique combination of sensitive user data, from users' browsing history to permission-protected personally identifiable information (PII) such as unique identifiers and geolocation. However, on the other end, they also are in a unique position to protect users' privacy by limiting data sharing with other parties by implementing ad-blocking features. In this paper, we perform a comparative and empirical analysis on how hundreds of Android web browsers protect or expose user data during browsing sessions. To this end, we collect the largest dataset of Android browsers to date, from the Google Play Store and four Chinese app stores. Then, we developed a novel analysis pipeline that combines static and dynamic analysis methods to find a wide range of privacy-enhancing (e.g., ad-blocking) and privacy-harming behaviors (e.g., sending browsing histories to third parties, not validating TLS certificates, and exposing PII -- including non-resettable identifiers -- to third parties) across browsers. We find that various popular apps on both Google Play and Chinese stores have these privacy-harming behaviors, including apps that claim to be privacy-enhancing in their descriptions. Overall, our study not only provides new insights into important yet overlooked considerations for browsers' adoption and transparency, but also that automatic app analysis systems (e.g., sandboxes) need context-specific analysis to reveal such privacy behaviors.