Target covert identifiers placed by analytics SDKs

d4rken · d4rken · commit 859ce0be709a · 2025-01-30T18:09:25.000+01:00
See paper: > Exploring Covert Third-party Identifiers through External Storage in the Android New Era https://www.usenix.org/conference/usenixsecurity24/presentation/dong-zikan
diff --git a/app/src/main/java/eu/darken/sdmse/systemcleaner/core/filter/stock/AnalyticsFilter.kt b/app/src/main/java/eu/darken/sdmse/systemcleaner/core/filter/stock/AnalyticsFilter.kt
@@ -18,6 +18,7 @@ import eu.darken.sdmse.common.debug.logging.logTag
 import eu.darken.sdmse.common.files.APathLookup
 import eu.darken.sdmse.common.files.GatewaySwitch
 import eu.darken.sdmse.common.files.segs
+import eu.darken.sdmse.common.files.toSegs
 import eu.darken.sdmse.systemcleaner.core.SystemCleanerSettings
 import eu.darken.sdmse.systemcleaner.core.filter.BaseSystemCleanerFilter
 import eu.darken.sdmse.systemcleaner.core.filter.SystemCleanerFilter
@@ -68,11 +69,32 @@ class AnalyticsFilter @Inject constructor(
         log(TAG) { "initialized() with $config" }
 
         val antiTracking = Config(
-            areaTypes = setOf(DataArea.Type.SDCARD),
+            areaTypes = setOf(DataArea.Type.SDCARD, DataArea.Type.PUBLIC_DATA),
             pfpCriteria = setOf(
                 SegmentCriterium(segs(".tlocalcookieid"), Mode.Equal()),
                 SegmentCriterium(segs(".INSTALLATION"), Mode.Equal()),
                 SegmentCriterium(segs(".wps_preloaded_2.txt"), Mode.Equal()),
+                SegmentCriterium(".UTSystemConfig/Global/Alvin2.xml".toSegs(), Mode.Equal()),
+                SegmentCriterium(".DataStorage/ContextData.xml".toSegs(), Mode.Equal()),
+                SegmentCriterium("com.snssdk.api.embed/cache/clientudid.dat".toSegs(), Mode.Equal()),
+                SegmentCriterium("Tencent/ams/cache/meta.dat".toSegs(), Mode.Equal()),
+                SegmentCriterium("com.tencent.ams/cache/meta.dat".toSegs(), Mode.Equal()),
+                SegmentCriterium("backups/.SystemConfig/.cuid".toSegs(), Mode.Equal()),
+                SegmentCriterium("backups/.SystemConfig/.cuid2".toSegs(), Mode.Equal()),
+                SegmentCriterium("backups/.adiu".toSegs(), Mode.Equal()),
+                SegmentCriterium("Mob/comm/dbs/.duid".toSegs(), Mode.Equal()),
+                SegmentCriterium(segs(".mn_1006862472"), Mode.Equal()),
+                SegmentCriterium(segs(".imei.txt"), Mode.Equal()),
+                SegmentCriterium(segs(".DC4278477faeb9.txt"), Mode.Equal()),
+                SegmentCriterium("Android/obj/.um/sysid.dat".toSegs(), Mode.Equal()),
+                SegmentCriterium(".um/sysid.dat".toSegs(), Mode.Equal()),
+                SegmentCriterium(".pns/.uniqueId".toSegs(), Mode.Ancestor()),
+                SegmentCriterium(segs(".oukdtft"), Mode.Equal()),
+                SegmentCriterium("libs/com.igexin.sdk.deviceId.db".toSegs(), Mode.Equal()),
+                SegmentCriterium("data/.push_deviceid".toSegs(), Mode.Equal()),
+                SegmentCriterium("msc/.2F6E2C5B63F0F83B".toSegs(), Mode.Equal()),
+                SegmentCriterium(".lm_device/.lm_device_id".toSegs(), Mode.Equal()),
+                SegmentCriterium("LMDevice/lm_device_id".toSegs(), Mode.Equal()),
             ),
         )
         antiTrackingSieve = baseSieveFactory.create(antiTracking)
diff --git a/app/src/test/java/eu/darken/sdmse/systemcleaner/core/filter/stock/AnalyticsFilterTest.kt b/app/src/test/java/eu/darken/sdmse/systemcleaner/core/filter/stock/AnalyticsFilterTest.kt
@@ -1,7 +1,6 @@
 package eu.darken.sdmse.systemcleaner.core.filter.stock
 
-import eu.darken.sdmse.common.areas.DataArea.Type
-import eu.darken.sdmse.common.areas.DataArea.Type.SDCARD
+import eu.darken.sdmse.common.areas.DataArea.Type.*
 import eu.darken.sdmse.common.areas.currentAreas
 import eu.darken.sdmse.systemcleaner.core.filter.SystemCleanerFilterTest
 import eu.darken.sdmse.systemcleaner.core.sieve.BaseSieve
@@ -31,7 +30,7 @@ class AnalyticsFilterTest : SystemCleanerFilterTest() {
 
     @Test fun testFilter() = runTest {
         mockDefaults()
-        val areas = setOf(SDCARD, Type.PUBLIC_DATA)
+        val areas = setOf(SDCARD, PUBLIC_DATA)
         areaManager.currentAreas()
             .filter { areas.contains(it.type) }
             .distinctBy { it.type }
@@ -47,6 +46,79 @@ class AnalyticsFilterTest : SystemCleanerFilterTest() {
         pos(SDCARD, ".INSTALLATION", Flag.File)
         neg(SDCARD, "wps_preloaded_2.txt", Flag.File)
         pos(SDCARD, ".wps_preloaded_2.txt", Flag.File)
+
+        // https://www.usenix.org/conference/usenixsecurity24/presentation/dong-zikan
+        neg(SDCARD, ".UTSystemConfig", Flag.Dir)
+        neg(SDCARD, ".UTSystemConfig/Global", Flag.Dir)
+        pos(SDCARD, ".UTSystemConfig/Global/Alvin2.xml", Flag.File)
+
+        neg(SDCARD, ".DataStorage", Flag.Dir)
+        pos(SDCARD, ".DataStorage/ContextData.xml", Flag.File)
+
+        neg(PUBLIC_DATA, "com.snssdk.api.embed", Flag.Dir)
+        neg(PUBLIC_DATA, "com.snssdk.api.embed/cache", Flag.Dir)
+        pos(PUBLIC_DATA, "com.snssdk.api.embed/cache/clientudid.dat", Flag.File)
+
+        neg(SDCARD, "Tencent", Flag.Dir)
+        neg(SDCARD, "Tencent/ams", Flag.Dir)
+        neg(SDCARD, "Tencent/ams/cache", Flag.Dir)
+        pos(SDCARD, "Tencent/ams/cache/meta.dat", Flag.File)
+
+        neg(PUBLIC_DATA, "com.tencent.ams", Flag.Dir)
+        neg(PUBLIC_DATA, "com.tencent.ams/cache", Flag.Dir)
+        pos(PUBLIC_DATA, "com.tencent.ams/cache/meta.dat", Flag.File)
+
+        neg(SDCARD, "backups", Flag.Dir)
+        neg(SDCARD, "backups/.SystemConfig", Flag.Dir)
+        pos(SDCARD, "backups/.SystemConfig/.cuid", Flag.File)
+        pos(SDCARD, "backups/.SystemConfig/.cuid2", Flag.File)
+
+        pos(SDCARD, "backups/.adiu", Flag.File)
+
+        neg(SDCARD, "Mob", Flag.Dir)
+        neg(SDCARD, "Mob/comm", Flag.Dir)
+        neg(SDCARD, "Mob/comm/dbs", Flag.Dir)
+        pos(SDCARD, "Mob/comm/dbs/.duid", Flag.File)
+
+        neg(PUBLIC_DATA, ".mn", Flag.Dir)
+        pos(PUBLIC_DATA, ".mn_1006862472", Flag.File)
+
+        neg(SDCARD, "imei.txt", Flag.File)
+        pos(SDCARD, ".imei.txt", Flag.File)
+
+        neg(SDCARD, "DC4278477faeb9.txt", Flag.File)
+        pos(SDCARD, ".DC4278477faeb9.txt", Flag.File)
+
+        neg(SDCARD, "Android/obj", Flag.Dir)
+        neg(SDCARD, "Android/obj/.um", Flag.Dir)
+        pos(SDCARD, "Android/obj/.um/sysid.dat", Flag.File)
+
+        neg(PUBLIC_DATA, ".um", Flag.Dir)
+        neg(PUBLIC_DATA, ".um/sysid", Flag.Dir)
+        pos(PUBLIC_DATA, ".um/sysid.dat", Flag.File)
+
+        neg(SDCARD, ".pns", Flag.Dir)
+        neg(SDCARD, ".pns/.uniqueId", Flag.Dir)
+        pos(SDCARD, ".pns/.uniqueId/file", Flag.File)
+
+        neg(SDCARD, "oukdtft", Flag.Dir)
+        pos(SDCARD, ".oukdtft", Flag.Dir)
+
+        neg(SDCARD, "libs", Flag.Dir)
+        pos(SDCARD, "libs/com.igexin.sdk.deviceId.db", Flag.Dir)
+
+        neg(SDCARD, "data", Flag.Dir)
+        pos(SDCARD, "data/.push_deviceid", Flag.File)
+
+        neg(SDCARD, "msc", Flag.Dir)
+        pos(SDCARD, "msc/.2F6E2C5B63F0F83B", Flag.File)
+
+        neg(SDCARD, ".lm_device", Flag.Dir)
+        pos(SDCARD, ".lm_device/.lm_device_id", Flag.File)
+
+        neg(SDCARD, "LMDevice", Flag.Dir)
+        pos(SDCARD, "LMDevice/lm_device_id", Flag.File)
+
         confirm(create())
     }
 
