Comment on Can an app uniquely identify your android device between different installs?
Local Link | Content link | Reddit Link
r/privacyu/AverageCowboyCentaur (129)

Super bad guy developer here, this was something we had to circumvent because of employee tomfoolery. ELI5: Normally what you're saying would work but each phone has many multiple unique identifiers that can be called upon. What we did is not mess around with anything and go directly to the IMEI, IMSI. We use that and link it to the account, any kind of tracking or identification cookies we generate to follow people we attach to that number so unless you get a brand new phone you can potentially be tracked. But even then we can correlate usage patterns and find you, it's not really difficult at all. You would have to literally change cities and modify your sleeping routines and things you do on your phone. Essentially become a new human to not generate enough data to sync you to the new device. As little as two data points can be used to identify somebody now, we used to need five!

Comments ()

So basically you'd need a proxy phone in a different geolocation, that also makes random requests at random times? Would that solve it lol.

Is there a way to spoof your geolocation? If an area was geofenced to show all cells in a specific area is there a way to make your phone not show up there but show up in an entirely different area?

Yes, search GPS spoof app on your android app store or apk website.

Even though I know what you said to be true, it still baffles me how little privacy people have nowadays and in my opinion, it is frightening to know how unaware the majority of people are when it comes to this topic almost to the point that when it's spoken of, it sounds like a silly conspiracy theory (which it clearly isn't).

I've brought it up in conversation enough times and know the looks and responses I've gotten from people that think it's ridiculous and not just from Boomers and older but from the younger generation too. Most people either have no idea or don't want to believe it. Then when adding the topic of "interest based advertising" (aka a psychological profile) into the mix and explaining how such tools can be used to manipulate people from a subconscious level, people start giving really disbeliving looks. I get it though, it's scary and I'd rather it not be true but that's just what it is nowadays.

I just wish people were more educated on this, and so many others, because if you don't know about something (whether it be a threat or whatever else) you are left at the mercy of those who do know about it. "Ignorance is bliss" mixed with "what mama doesn't know won't hurt her" leads to being more individual and group manipulation which is bad for everyone.

[deleted]

I'm going to use your reply to say that's exactly what happens, in a way, in every department store and every mall in America. Even if your Wi-Fi is not connected and just turned on you send out a beacon. This beacon has a power level that it sends out frequently enough that these stores, these places, can track your movements and know when you stop. They know what aisle you're in They know what door you walked in they know where you paused for a moment and what was around you. And if you happen to have their app installed they know even more about what you're doing and where you're at in the building because of the permissions that we're given at app install.

Don't think for a moment that you're not tracked every second of your life and it's all being given to data brokers to be sold off piecemeal and then repopulated to form a very detailed dossier on you that sold in whole to the highest bidder.

We live in a time in history where they can hack your computing devices with ultrasonic frequencies emitted by your cell phones speaker. We are all just doing the best we can here. All we can do really is spread the word, stay vigilant, and try like hell to live our lives while fighting for privacy everyday.

Does turning off my wifi on my phone stop this? I try to keep it off always but sometimes, much like my bluetooth, it turns itself on.

If you are on iPhone you need to turn the switch off in the settings, the swipe controls are all temporary by design. But yes if the radio is off then tracking in that way is off. Android does have some settings to re-enable Wi-Fi, and it's not really turned off it's like in a sleeping mode. Double check your connection settings to see if you have those turned on. It's kind of like a geofence but built into your phone.

When android wifi is in sleep mode, is it still as effective as when it's totally off? And if not, how do we ensure sure its off?

Please correct me if I'm wrong, but, in some phones, the cellular signal is still active even if the phone is powered off. Like, no your phone isn't going to ring or anything, but the device cpu operates on residual battery or something.

(I haven't worked in telephony in years, so I am pulling this out of my ass as trivia that I once knew well!!)

Thats sounds like flightmode to me. You're talking about Edward Snowden scenarios where you're never sure the phone is of.

I know there's background wifi and bluetooth scanning that work even when the wifi and bluetooth are switched off.

You have to switch off the scanning settings individually to get it completely off.

The only way I see around this is getting a faraday cage case for your phone and only taking it out when you use it. No emf gets in or out while in your pocket

Cheapest pocket faraday cage I can find It's a little extreme but it would work.

You're absolutely correct which is also pretty harrowing as even tech savvy people may have no idea how little privacy we have along with the myriad tactics that are employed to further breach an individual's privacy.

I was mostly unaware about these things until a year ago. I'm not in any field related to tech/telecom/software/etc but I had foolishly thought myself to be relatively informed (especially coming from years of learning about topics relating to "conspiracy theories" - mostly for entertainment and imagination exercises but also because some of those theories make sense). I dont talk about it much but I'm convinced my old phone was hacked but I don't have the expertise in any related field so I had nowhere to begin and so I started asking "how is this possible?" after a couple months of seeing things that couldn't have been software bugs (in one instance, I left my phone to do something else and upon returning had a couple words typed into my browser which I know I hadn't typed). I still question the things that happened despite knowing I experienced them because, as others had asked, "who tf am I that id be hacked". Additionally, whatever I was experiencing at that time made me question what tf was happening because it also felt like psychological manipulation to a high degree. It was very effective but after coming to my senses, I realized my need to understand my own vulnerabilities and psychology so that they couldn't be as easily used against me. I'll leave it at that.

Since then, I've educated myself a metric fuckton about this topic after having a tough "coming to" period and despite being happy to have learnt what I did, I'd much rather have been blissfully unaware which is why it scares me that the majority of others are even more oblivious to what is not only possible but happens with relative ease nowadays. Additionally, seeing the different psychological tactics used on the public and the individual is even more frightening as many people don't realize that advertising and propaganda are literally the same (Edward Bernays, anyone?).

I'm still worried about these things, especially the ignorance that the vast majority of the population suffers under, but I'm happy to have educated myself on these topics. Had I not, I believe it would have driven me over the edge and I wish I was exaggerating - the ways both tech and human psychology are weaponized is horrifying.

Yeah, i remember youtube vids on how to convert xbox sensor to a mapping tool, that you could use against neighbors.

Making it easy to not think or worry about it is a huge part of the industry. If people can say "eh what do I care" and see no immediate negative impact on their day to day lives, they will, because the alternative is difficult and unpleasant.

It's all well and good until all that profiling is used for something worse than advertising. Like "Make me a list of everyone in city X who has a distrust of the current political regime and likes guns, then go round them up."

Which it is and will be if humanity doesn’t work out it’s downfall

Just send them social dilemma on netflix. Find one on privacy. Gift them out as xmas presents or whatever. Alex jones listeners wasted a lot of time on educating their fam. When they could of just used a documentary.

I like what you said at the end. If you don't want to be identified, you have to become someone else.

Edit: typo

Didn't Android start boxing access to IMEI info in Android 11 or 12? Or am I confusing that with something GrapheneOS has done?

This changed happened in Android 10, which means system apps, carrier apps are the only ones that can pull that. Or profile apps via an "MDM" solution. But there's ways around by using UUID and behaviour tracking and cookies. Also there are certain things we found in the xml files that persist though formats that allowed us to indetify hardware outside of account login and usage. Unfortunately it's because carriers activate in a very specific way to their users. There is an unbelievable amount of people using old android phones out there. I highly recommend anyone that can upgrade to 10 or higher asap.

Bonus info: Android 12 allows you to wipe your ad ID so it will report back all zeros. So I recommend anybody on 12 to opt out of personalization using advertising ID as soon as you upgrade to it. That was another thing that was looked into using as it was always available until 12 was released. Thankfully Google and Apple are working hard to keep people safe, then again all your data is still going to Google and Apple and to their data brokers where they can make money. And it truly only takes a couple of points of data to de-anonymize anybody.

First of all thank you for both the replies. I have added to the main poste the condition "Running Android 10+", since this way is not possible to grab the imei or imsi. Regarding the advertising id I didn't know with android 12 you are able to set your ad ID to all zeros, that sounds pretty neat in protecting from tracking by third parties (not google of course), but wouldn't constantly changing your ad ID do the same? (I am running and11 and I can change my ad ID from Google > Ads ).

You also talked about cookies. Are you referring to the cookies stored in the browser the user would suposedly use? Or maybe in webview? (And in both cases, wouldnt a all-data clearing of the browser on every quit circumvent this kind of tracking?)

"keeping safe" in this context is equivalent to "keeping our data monopoly"... So kinda double-edged-sword. Although, Google/Apple might be better evil-over-lords then some other options.

Long story short, so long as you use software that disrespects your freedom, you're fucked.

A program fundamentally built around abusing the user will not serve the user.

What used to be the five anyways?

5 login points or usage points.

[deleted]