2025-06-13 –, Elbkuppel
We found HyTrack, a robust new tracking Android tracking technique.
It allows tracking providers to track you across multiple apps and the web.
It does not depend on the ad IDs or fingerprinting and can be hidden from you.
HyTrack is based on a new browser feature called Custom Tabs.
Additionally, it is hard to get rid of: It might survive browser purges and the re-installation of affected apps.
In short, HyTrack brings the full power of web tracking to native Android and is a danger to user privacy as it allows tracking across apps and the web.
In this talk, we will discuss the mechanisms behind it, check which browsers and devices are affected, and discuss mitigations.
Finally, we will recommend the next steps for you and the community to take to mitigate HyTrack and protect user privacy.
Malte Wessels has been a PhD student at the Institute for Application Security at TU Braunschweig since summer '22, where he researches web security and privacy.