I broke AppLovin's mediation cipher protocol

TL;DR

A researcher has decrypted AppLovin’s mediation cipher, revealing that the encrypted payload contains enough device data to re-identify iPhones across different apps without user consent. This challenges assumptions about privacy protections in ad tech.

A researcher has successfully decrypted AppLovin’s mediation cipher protocol, revealing that the encrypted bid requests include sufficient device data to deterministically re-identify iPhones across different applications, even when users deny App Tracking Transparency (ATT). This development raises significant privacy concerns and questions about the effectiveness of current user tracking restrictions.

The researcher captured and decrypted thousands of encrypted ad bid requests from AppLovin, discovering that the payloads contain detailed device information. The encryption scheme relies on a static salt embedded in the SDK and a publisher-specific SDK key, combined with a predictable timestamp-based counter, resulting in ciphertext that can be decrypted with the right key. The decrypted data includes a comprehensive set of device attributes, such as hardware details, OS version, and unique identifiers, which can be used to re-identify devices across multiple apps regardless of ATT status.

The encryption scheme employs a non-authenticated cipher based on a variation of SplitMix64, which does not provide cryptographic security against tampering. The timestamp used in encryption is embedded in the ciphertext, allowing the researcher to recover the exact time of each request, further aiding device fingerprinting. The decrypted payloads include both device fingerprint data and opaque tokens sent to ad networks, with some signals readable and others encrypted, but all containing identifiable device information.

Why It Matters

This discovery challenges the assumption that ATT is the only barrier to user fingerprinting. The decrypted data shows that ad networks can re-identify users across apps without relying solely on IDFA, undermining privacy protections and potentially violating user expectations and regulations. It also exposes vulnerabilities in AppLovin’s encryption approach, which lacks cryptographic integrity features like MAC or AEAD, making it susceptible to tampering and spoofing.
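To make the missing-integrity point concrete, here is an added example (not the researcher's code and not AppLovin's actual format): a toy envelope that XORs the payload with a standard SplitMix64 keystream and carries the timestamp in the clear, beside the same envelope with an HMAC tag. The seed derivation, envelope layout, keys and sample values are constructed assumptions.

```python
import hashlib
import hmac
import struct

MASK = (1 << 64) - 1
SALT = b"constructed-static-salt"        # constructed stand-in for an SDK-embedded salt
SDK_KEY = b"constructed-publisher-key"   # constructed stand-in for a publisher SDK key
MAC_KEY = b"constructed-mac-key"         # constructed; key management is out of scope

def keystream(seed, n):
    """n bytes from the standard SplitMix64 generator (a PRNG, not a cipher)."""
    out, state = bytearray(), seed & MASK
    while len(out) < n:
        state = (state + 0x9E3779B97F4A7C15) & MASK
        z = state
        z = ((z ^ (z >> 30)) * 0xBF58476D1CE4E5B9) & MASK
        z = ((z ^ (z >> 27)) * 0x94D049BB133111EB) & MASK
        out += struct.pack("<Q", z ^ (z >> 31))
    return bytes(out[:n])

def seed_for(ts_ms):
    # Assumed derivation: first 8 bytes of SHA-256(salt || key), XOR timestamp.
    return struct.unpack("<Q", hashlib.sha256(SALT + SDK_KEY).digest()[:8])[0] ^ ts_ms

def seal(ts_ms, plaintext):
    ks = keystream(seed_for(ts_ms), len(plaintext))
    return struct.pack("<Q", ts_ms) + bytes(p ^ k for p, k in zip(plaintext, ks))

def open_envelope(env):
    ts_ms = struct.unpack("<Q", env[:8])[0]   # timestamp travels in the clear
    ks = keystream(seed_for(ts_ms), len(env) - 8)
    return ts_ms, bytes(c ^ k for c, k in zip(env[8:], ks))

def seal_mac(ts_ms, plaintext):
    env = seal(ts_ms, plaintext)
    return env + hmac.new(MAC_KEY, env, hashlib.sha256).digest()

def open_mac(blob):
    env, tag = blob[:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, env, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("envelope rejected: MAC mismatch")
    return open_envelope(env)

def alter_in_transit(blob, offset, old, new):
    """Model a modified envelope: XOR (old ^ new) into the ciphertext at offset."""
    b = bytearray(blob)
    for i, (o, n) in enumerate(zip(old, new)):
        b[8 + offset + i] ^= o ^ n
    return bytes(b)
```

The plain envelope opens a modified ciphertext without any error, while `open_mac` rejects it. The tag addresses tampering only; confidentiality still depends on key material that is not a static value shipped in the SDK.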

Background

Prior to this, the industry widely believed that ATT was the primary gate on user identification and tracking. AppLovin’s SDK is one of the largest mediation platforms, involved in billions of ad requests daily. The encryption scheme used by AppLovin was assumed to protect user data, but the researcher’s findings reveal that the encryption is weak and that device fingerprinting remains feasible through the encrypted payloads. Similar concerns about device fingerprinting and privacy have been raised before, but this is the first known breach of AppLovin’s specific cipher protocol at this scale.

“The encrypted bid request carries enough device data to deterministically re-identify the same iPhone across apps from different publishers, even when the user denies ATT.”

— Researcher

“The cipher used by AppLovin is not cryptographically secure, and the inclusion of timestamps in the ciphertext makes device fingerprinting straightforward.”

— Privacy expert

What Remains Unclear

While the researcher has decrypted thousands of envelopes and demonstrated the feasibility of device re-identification, it remains unclear how widespread or systematically exploited this vulnerability is within the industry. AppLovin has not yet publicly responded to these findings, and it is unknown whether they will update their encryption protocols or implement additional security measures.

What’s Next

Next steps include further analysis to determine if other ad networks use similar encryption schemes, industry response from AppLovin and regulators, and potential updates to SDK security practices. Researchers and privacy advocates will likely scrutinize the encryption weaknesses and push for stronger cryptographic protections in ad tech.

Key Questions

Does this mean my device can be tracked across apps even if I deny ATT?

Yes, according to the researcher’s findings, device fingerprinting via decrypted payloads can re-identify iPhones across apps without relying on IDFA or ATT.

What specific data can be used to re-identify devices?

The decrypted data includes detailed device info such as hardware model, OS version, screen dimensions, and unique identifiers, which can be combined to fingerprint a device.

Has AppLovin responded to these findings?

As of now, there has been no public statement from AppLovin addressing the decryption or its implications.

Will this affect other ad networks or just AppLovin?

The findings specifically relate to AppLovin’s encryption scheme, but similar vulnerabilities could exist in other ad tech SDKs if they use comparable encryption methods.
