OpenWPM-Mobile is a mobile web privacy measurement framework that is based on
OpenWPM. OpenWPM-Mobile is developed for the paper titled "The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors" to measure the ecosystem of scripts accessing mobile sensors.
Run the following to install OpenWPM-Mobile.
./install.sh
To install the analysis related packages and files:
install-analysis.sh
Edit mobile_sensor_crawl.py to change the crawl parameters, such as number of sites to crawl and the number of browsers to run in parallel.
Then start a crawl by running:
python mobile_sensor_crawl.py
OpenWPM-Mobile takes several steps to realistically imitate Firefox for Android.
This involves overriding navigator object’s user agent, platform, appVersion and appCodeName strings; matching the screen resolution, screen dimensions, pixel depth, color depth; enabling touch status; removing plugins and supported MIME types that may indicate a desktop browser.
OpenWPM-Mobile also uses the preferences used to configure Firefox
for Android such as hiding the scroll bars and disabling popup windows.
We relied on the values provided in the mobile.js script found in the Firefox for Android source code repository.
When running crawls with OpenWPM-Mobile we installed Android fonts on our crawler machines to mitigate font-based fingerprinting. You may follow the instructions provided in EmulatingAndroidFonts.md to install Android fonts on your crawler machines.
The following will run all the tests:
pytest test
If you don't want to run the (slow) crawling test test_crawl.py execute the following:
pytest test -m "not slow"
Consult to the OpenWPM repository for details of the data format.
Follow the steps below to extract binary script features and cluster scripts similar using the methodology described in the paper.
-
Run the following command to extract features for scripts discovered in the crawl:
python extract_features.pyMake sure to point to the correct database containing the crawl results inside
extract_features.py. -
Once features are extracted you can generate clusters from the extracted features by using the
Clustering_JS_scripts.ipynbJupyter notebook.Make sure to point to the newly generated feature file (
features.csv) from the step 1.
If you use OpenWPM-Mobile in your research, please cite our CCS 2018 paper titled The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors. You can use the following BibTeX.
@inproceedings{sensor-js-2018,
author = "Anupam Das and Gunes Acar and Nikita Borisov and Amogh Pradeep",
title = "{The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors}",
booktitle = {Proceedings of ACM CCS 2018},
year = "2018",
}
OpenWPM-Mobile is licensed under GNU GPLv3. Additional code has been included from OpenWPM (which OpenWPM-Mobile is based on), FourthParty and Privacy Badger, all of which are licensed GPLv3+.