Privacy Implications of Smart TVs

This project studies the privacy implications of smart TVs along two fronts: (1) the advertising and tracking ecosystems of different smart TV platforms; and (2) the feasibility of identifying smart TV apps from their network traffic alone, also referred to as “network fingerprinting”.

In our PETS 2020 paper, we present a large-scale measurement study of the smart TV advertising and tracking ecosystem. The study examines network traffic from smart TVs used by real users, and from automated tests of the top-1000 applications (“apps”) for Roku and Amazon Fire TV. We discover that a subset of apps communicate with a large number of advertising and tracking services (ATSes), and that some ATS organizations only appear on certain platforms, showing a possible segmentation of the smart TV ATS ecosystem across platforms. We also evaluate DNS-based blocklists and find that even smart TV-specific blocklists suffer from missed ads and incur functionality breakage. Finally, we find that hundreds of apps exfiltrate personally identifiable information (PII) to third parties and platform domains, including instances where the advertising ID is sent alongside static PII values, effectively eliminating the user’s ability to opt out of ad personalization.

In our PETS 2022 paper, we examine if a passive, in-network observer can identify what app is in use on Apple TV, Fire TV, and Roku devices. To answer this, we propose FingerprinTV, a fully automated implementation of a methodology that assesses the performance of different fingerprinting techniques when applied to smart TV apps. From applying FingerprinTV to the top-1000 apps of Apple TV, Fire TV, and Roku, we find that smart TV app fingerprinting is highly feasible and effective: even the least prevalent type of fingerprint manifests itself in at least 68% of apps of each platform, and up to 89% of fingerprints uniquely identify a specific app when two fingerprinting techniques are used together. We also find that when multiple apps exhibit identical fingerprints, the apps often stem from the same developer or have been generated using the same “no code” toolkit. Finally, we show that many apps that are present on all three platforms exhibit platform-specific fingerprints.

Papers

Featured In

Our work on the advertising and tracking ecosystems of different smart TV platforms was featured in the Federal Trade Commission’s PrivacyCon 2021.

Team

Contact

smarttv.uci@gmail.com