Researchers at Cambridge University demonstrated that the unique calibration data associated with the sensors in iOS and Android smartphones can be used by websites to create a device fingerprint without the user ever knowing. The data is used to create a SensorID that uniquely identifies the specific device and can be then used to track that device anywhere it goes online.
While the researchers don't believe that the method has been used in the wild, virtually every iOS and Android device could be vulnerable. The good news is that the researchers notified Apple of the vulnerability almost a year ago, and the company issued a patch in the iOS 12.2 update. If you aren't yet running that version of the operating system, you should update immediately.
If you're an Android user, the good news is, you're less likely to be affected by the latest vulnerability that demonstrates just how much our online activity is tracked. The bad news is, Google hasn't issued a fix yet for Pixel 2 or Pixel 3 devices.
Tracking your device based on its fingerprint.
Websites routinely attempt to fingerprint devices, which is a process that creates a profile to identify a device as it navigates websites and apps, and is used to serve targeted advertising based on your activity. While you may be generally aware that this happens through things like cookies, I suspect most of you are less aware that sites and apps do this regularly without any consent or interaction required.
Browsers like Safari and Firefox limit the data that sites are able to access about your device. However, this method bypasses many of those restrictions by accessing internal calibration data instead. As a result, malicious attackers could use the method to track devices without users ever knowing they were affected.
Stay vigilant to protect your information.
Unfortunately, since this method works without any user interaction, it's hard to prevent. Right now, we're at the mercy of companies like Apple and Google to keep their software updated to defeat these vulnerabilities. At the same time, it's up to you to take standard precautions like keeping your device software updated, avoiding interactions with sites you are unfamiliar with, and never clicking on links in suspicious emails.
Your privacy and information are a valuable commodity, and both the websites you visit every day and attackers with bad intentions continue to develop sophisticated new ways to track and monitor everything you do online. It's your job to be aware and take responsibility for protecting yourself and your information.