X hits on this document





31 / 40

Client Fingerprinting via Analysis of Browser Scripting Environment



!d.all d.childNodes d.compatMode !d.documentMode

  • d.

    getElementById d.getElementsByClassName !n.savePreferences

  • w.

    XMLHttpRequest !w.globalStorage w.postMessage

Figure 5.7-1: Android 2.2 HTC Evo (Sprint)

The embedded Android O/S includes a browser to allow users to navigate the Internet, and this browser is very similar to the Google Chrome browser which it is based upon. Android browser will execute scripts with a version up to and including JavaScript version 1.7. Also the Android browser will execute Microsoft JScript as though it was JavaScript until it encounters a Microsoft specific function.

The navigator.appVersion and navigator.userAgent provide some information about the device. These two properties include tokens to specify that it is an Android device along with the version (e.g. ‘Android 2.1-update1’), a token to specify that it is a mobile device (e.g. ‘Mobile’) and a browser version token (e.g. ‘Version/’).

The navigator.language property provides information about the language that the device is configured to support. The value of the property is the two character lower case language code, but unlike Google Chrome the value does not include a country identifier. The navigator.language property does not match the language token listed in the navigator.appVersion and navigator.userAgent property. On Android embedded devices, the language token in the navigator.appVersion and navigator.userAgent properties contain the language code and the country code, while navigator.language only contains the language code.

The navigator.platform property contains the value of ‘Linux armv71’ which is the processor of the device. The desktop version of Google Chrome will return ‘Linux i686’ for a processor type.

The navigator.vendor property returns a value of ‘Google Inc.’ for the desktop versions of Google Chrome, but the browser of the embedded Android devices displays some variance in the values that are returned. Android devices will return values of either ‘Google Inc.’ or ‘Apple Computer, Inc.’ for navigator.vendor.

Unlike the desktop version of Google Chrome, Android devices do not include native functionality to modify their User Agent, so it is more difficult for these devices to masquerade as other browsers and/or O/Ss.

Mark Fioravanti, mark.fioravanti.ii@gmail.com

Document info
Document views58
Page views58
Page last viewedMon Oct 24 00:07:25 UTC 2016