XPost: misc.phone.mobile.iphone, alt.comp.os.windows-10   
   From: mariasophia@comprehension.com   
      
   Maria Sophia wrote:   
   > Speaking of privacy, you likely do not want your wallpaper to be unique:   
   >   *How your phone can be tracked by your wallpaper*   
   >     
      
   To continue to clarify so that every point is covered in sufficient detail   
      
   Things have changed since that particular Apr 26, 2022 PSA discussion about   
   fingerprint privacy when pre-Android 8.1 apps could read wallpaper bitmaps.   
     WallpaperManager.getDrawable()   
   The returned bitmap was the actual wallpaper image!   
      
   In those days, apps could hash it, upload it, or even reconstruct the   
   original photo! If your wallpaper was a photo of your kid, your dog, your   
   house, etc., any app could silently read it. That was a real privacy hole.   
      
   Android 8.1 tried to avoid this by requiring READ_EXTERNAL_STORAGE such   
   that after 8.1 apps can no longer read the wallpaper image itself, but they   
   still could read the WallpaperColors object which has some juicy data...   
      
   In later Android versions, the wallpaper is stored in a protected system   
   directory, not in shared storage.   
    Wallpaper: /data/system/users/0/wallpaper   
    Lockscreen: /data/system/users/0/wallpaper_loc   
      
   In the current Android versions, apps get much less wallpaper information:   
    WallpaperManager.getWallpaperColors()   
    a. 3 "main colors"   
    b. 1 "secondary color"   
    c. 1 "tertiary color"   
    d. And some luminance metadata   
      
   FingerprintJS showed that this color set can be hashed into what they   
   called ~144 bits of entropy but if you use a pure solid-color wallpaper,   
   the color set contains almost no entropy & as such, is apparently not all   
   that useful for malevolent fingerprinting purposes (AFAIK).   
      
   Because if you take:   
    a. 3 RGB colors   
    b. luminance metadata   
    c. some internal weighting   
   and hash them, you can produce a value that looks like a fingerprint.   
      
   But it is only a fingerprint within the same app on the same device.   
   Better yet, pure solid colors collapse the entropy to almost nothing   
      
   A 1x1 PPM expanded to our screen size produces a mathematically uniform   
   image with no EXIF, no camera noise & no unique patterns to fingerprint.   
      
   I guess if we use a color nobody uses, that might still fingerprint us,   
   but a pure black wallpaper produces the same WallpaperColors object for   
   everyone.   
      
   Which is why this PSA about generating solid-color wallpapers is actually   
   one of the million things most people "should" know about privacy, but   
   perhaps they only know about 3 or 4 of those million things about privacy.   
      
   Note that there is no iOS wallpaper fingerprinting vector. If an iOS app   
   knows anything about your wallpaper, you gave it the image yourself.   
      
   As for Windows, any app can read the wallpaper, which is stored in   
     %AppData%\Microsoft\Windows\Themes\TranscodedWallpaper   
   No special wallpaper fingerprinting mechanism exists, but program you run   
   can read your wallpaper file because it can read all your files anyway.   
   --   
   Privacy is a feature you build yourself into everything you touch and use.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)