Skip to content
A mobile web privacy measurement framework based on OpenWPM
Branch: mobile_sensors
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
automation remove xpi from repo May 9, 2018
clustering Rename clustering directory. Aug 30, 2018
feature_extraction
test
.gitignore
.travis.yml
CHANGELOG Version bump to 0.7.0 Nov 16, 2016
EmulatingAndroidFonts.md
LICENSE
README.md Update paper link and text Sep 18, 2018
VERSION Version bump to 0.7.0 Nov 16, 2016
__init__.py Create data_directory if it doesn't exist + drop an init file in main Sep 14, 2015
demo.py
install-analysis.sh Add feature extraction code. Aug 29, 2018
install.sh
mobile_sensor_crawl.py Set parameters for a 100K crawl Aug 30, 2018
requirements.txt

README.md

OpenWPM-Mobile Build Status

OpenWPM-Mobile is a mobile web privacy measurement framework that is based on OpenWPM. OpenWPM-Mobile is developed for the paper titled "The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors" to measure the ecosystem of scripts accessing mobile sensors.

Installation

Run the following to install OpenWPM-Mobile.

./install.sh

To install the analysis related packages and files:

install-analysis.sh

Basic usage

Edit mobile_sensor_crawl.py to change the crawl parameters, such as number of sites to crawl and the number of browsers to run in parallel.

Then start a crawl by running:

python mobile_sensor_crawl.py

Imitating Mobile Browser

OpenWPM-Mobile takes several steps to realistically imitate Firefox for Android.

This involves overriding navigator object’s user agent, platform, appVersion and appCodeName strings; matching the screen resolution, screen dimensions, pixel depth, color depth; enabling touch status; removing plugins and supported MIME types that may indicate a desktop browser.

OpenWPM-Mobile also uses the preferences used to configure Firefox for Android such as hiding the scroll bars and disabling popup windows. We relied on the values provided in the mobile.js script found in the Firefox for Android source code repository.

When running crawls with OpenWPM-Mobile we installed Android fonts on our crawler machines to mitigate font-based fingerprinting. You may follow the instructions provided in EmulatingAndroidFonts.md to install Android fonts on your crawler machines.

Running tests

The following will run all the tests:

pytest test

If you don't want to run the (slow) crawling test test_crawl.py execute the following:

pytest test -m "not slow"

Data Analysis

Consult to the OpenWPM repository for details of the data format.

Feature extraction and clustering

Follow the steps below to extract binary script features and cluster scripts similar using the methodology described in the paper.

  1. Run the following command to extract features for scripts discovered in the crawl:

    python extract_features.py

    Make sure to point to the correct database containing the crawl results inside extract_features.py.

  2. Once features are extracted you can generate clusters from the extracted features by using the Clustering_JS_scripts.ipynb Jupyter notebook.

    Make sure to point to the newly generated feature file (features.csv) from the step 1.

Citation

If you use OpenWPM-Mobile in your research, please cite our CCS 2018 paper titled The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors. You can use the following BibTeX.

@inproceedings{sensor-js-2018,
    author    = "Anupam Das and Gunes Acar and Nikita Borisov and Amogh Pradeep",
    title     = "{The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors}",
    booktitle = {Proceedings of ACM CCS 2018},
    year      = "2018",
}

License

OpenWPM-Mobile is licensed under GNU GPLv3. Additional code has been included from OpenWPM (which OpenWPM-Mobile is based on), FourthParty and Privacy Badger, all of which are licensed GPLv3+.

You can’t perform that action at this time.