{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T15:03:56Z","timestamp":1774364636795,"version":"3.50.1"},"reference-count":51,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T00:00:00Z","timestamp":1770249600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers & Security"],"published-print":{"date-parts":[[2026,6]]},"DOI":"10.1016\/j.cose.2026.104850","type":"journal-article","created":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T15:52:24Z","timestamp":1770479544000},"page":"104850","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Cookies, identifiers and other data that google silently stores on android handsets"],"prefix":"10.1016","volume":"165","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4056-4014","authenticated-orcid":false,"given":"D.J.","family":"Leith","sequence":"first","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.104850_bib0001","unstructured":"Legal grounds for processing data, European commission. https:\/\/commission.europa.eu\/law\/law-topic\/data-protection\/rules-business-and-organisations\/legal-grounds-processing-data_en."},{"key":"10.1016\/j.cose.2026.104850_bib0002","unstructured":"S.I. No. 336\/2011, 2011. https:\/\/www.dataprotection.ie\/sites\/default\/files\/uploads\/2020-04\/Data%20Protection%20Commission%20cookies%20sweep%20REVISED%2015%20April%202020%20v.01.pdf."},{"key":"10.1016\/j.cose.2026.104850_bib0003","unstructured":"European parliament and council. Regulation 2016\/679 (general data protection regulation), 2016. https:\/\/data.europa.eu\/eli\/reg\/2016\/679\/oj."},{"key":"10.1016\/j.cose.2026.104850_bib0004","unstructured":"Report by the data protection commission on the use of cookies and other tracking technologies, April 2020. https:\/\/www.irishstatutebook.ie\/eli\/2011\/si\/336\/."},{"key":"10.1016\/j.cose.2026.104850_bib0005","unstructured":"Guidance notes: legal bases for processing personal data, Irish data protection commision, Dec 2019. https:\/\/www.dataprotection.ie\/sites\/default\/files\/uploads\/2020-04\/Guidance%20on%20Legal%20Bases.pdf."},{"key":"10.1016\/j.cose.2026.104850_bib0006","unstructured":"Report of the work undertaken by the cookie banner taskforce, European data protection board, Jan 2023. https:\/\/www.edpb.europa.eu\/system\/files\/2023-01\/edpb_20230118_report_cookie_banner_taskforce_en.pdf."},{"key":"10.1016\/j.cose.2026.104850_bib0007","unstructured":"Opinion 5\/2019 on the interplay between the ePrivacy directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities, March 2019. https:\/\/www.edpb.europa.eu\/sites\/default\/files\/files\/file1\/201905_edpb_opinion_eprivacydir_gdpr_interplay_en_0.pdf."},{"key":"10.1016\/j.cose.2026.104850_bib0008","unstructured":"Guidelines 05\/2020 on consent under regulation 2016\/679, EDPB, May 2020. https:\/\/www.edpb.europa.eu\/sites\/default\/files\/files\/file1\/edpb_guidelines_202005_consent_en.pdf."},{"key":"10.1016\/j.cose.2026.104850_bib0009","unstructured":"Guidelines 1\/2024 on processing of personal data based on (1)(f) GDPR, EDPB, Oct 2024a. https:\/\/www.edpb.europa.eu\/system\/files\/2024-10\/edpb_guidelines_202401_legitimateinterest_en.pdf."},{"key":"10.1016\/j.cose.2026.104850_bib0010","unstructured":"Guidelines 2\/2023 on technical scope of art. 5(3) of ePrivacy directive, EDPB, Oct 2024b. https:\/\/www.edpb.europa.eu\/system\/files\/2024-10\/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_v2_en_0.pdf."},{"key":"10.1016\/j.cose.2026.104850_bib0011","series-title":"33rd USENIX Security Symposium (USENIX Security 24)","first-page":"5645","article-title":"Abandon all hope ye who enter here: a dynamic, longitudinal investigation of android\u2019s data safety section","author":"Arkalakis","year":"2024"},{"issue":"1","key":"10.1016\/j.cose.2026.104850_bib0012","doi-asserted-by":"crossref","first-page":"201","DOI":"10.3390\/forensicsci2010016","article-title":"Forensic analysis of the bumble dating app for android","volume":"2","author":"Barros","year":"2022","journal-title":"Forensic Sci."},{"issue":"4","key":"10.1016\/j.cose.2026.104850_bib0013","doi-asserted-by":"crossref","DOI":"10.1145\/3176246","article-title":"Measuring third-party tracker power across web and mobile","volume":"18","author":"Binns","year":"2018","journal-title":"ACM Trans. Internet Technol."},{"key":"10.1016\/j.cose.2026.104850_bib0014","series-title":"31st USENIX Security Symposium (USENIX Security 22)","first-page":"2893","article-title":"Automating cookie consent and GDPR violation detection","author":"Bollinger","year":"2022"},{"issue":"8","key":"10.1016\/j.cose.2026.104850_bib0015","doi-asserted-by":"crossref","first-page":"1476","DOI":"10.1109\/JPROC.2016.2637878","article-title":"A survey on web tracking: mechanisms, implications, and defenses","volume":"105","author":"Bujlow","year":"2017","journal-title":"Proc IEEE"},{"key":"10.1016\/j.cose.2026.104850_bib0016","series-title":"Proc WWW","first-page":"891","article-title":"An empirical study of web cookies","author":"Cahn","year":"2016"},{"key":"10.1016\/j.cose.2026.104850_bib0017","series-title":"Proc PETS","first-page":"227","article-title":"Omnicrawl: comprehensive measurement of web tracking with real desktop and mobile browsers","author":"Cassel","year":"2022"},{"key":"10.1016\/j.cose.2026.104850_bib0018","series-title":"Proceedings of the Web Conference 2021","first-page":"2117","article-title":"Cookie swap party: abusing first-party cookies for web tracking","author":"Chen","year":"2021"},{"key":"10.1016\/j.cose.2026.104850_bib0019","doi-asserted-by":"crossref","first-page":"987","DOI":"10.1109\/TIFS.2019.2932228","article-title":"Android HIV: a study of repackaging malware for evading machine-learning detection","volume":"15","author":"Chen","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.cose.2026.104850_bib0020","unstructured":"Cortesi, A., Hils, M., Kriechbaumer, T., contributors, 2020. mitmproxy: a free and open source interactive HTTPS proxy (v5.01). https:\/\/mitmproxy.org\/."},{"key":"10.1016\/j.cose.2026.104850_bib0021","series-title":"Passive and Active Measurement","first-page":"258","article-title":"Measuring cookies and web privacy in a post-GDPR world","author":"Dabrowski","year":"2019"},{"key":"10.1016\/j.cose.2026.104850_bib0022","series-title":"Proc NDSS","article-title":"We value your privacy...now take some cookies: measuring the GDPR\u2019s impact on web privacy","author":"Degeling","year":"2019"},{"key":"10.1016\/j.cose.2026.104850_bib0023","series-title":"2024 IEEE Symposium on Security and Privacy (SP)","first-page":"735","article-title":"Withdrawing is believing? Detecting inconsistencies between withdrawal choices and third-party data collections in mobile apps","author":"Du","year":"2024"},{"key":"10.1016\/j.cose.2026.104850_bib0024","series-title":"Proceedings of the 24th International Conference on World Wide Web","first-page":"289","article-title":"Cookies that give you away: the surveillance implications of web tracking","author":"Englehardt","year":"2015"},{"key":"10.1016\/j.cose.2026.104850_bib0025","series-title":"27th USENIX Security Symposium (USENIX Security 18)","first-page":"151","article-title":"Who left open the cookie jar? a comprehensive evaluation of third-party cookie policies","author":"Franken","year":"2018"},{"issue":"4","key":"10.1016\/j.cose.2026.104850_bib0026","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1109\/MSEC.2019.2909710","article-title":"Exposing cookie policy flaws through an extensive evaluation of browsers and their extensions","volume":"17","author":"Franken","year":"2019","journal-title":"IEEE Secur. Privacy"},{"key":"10.1016\/j.cose.2026.104850_bib0027","series-title":"Proc TMA","first-page":"1","article-title":"The cookie recipe: untangling the use of cookies in the wild","author":"Gonzalez","year":"2017"},{"key":"10.1016\/j.cose.2026.104850_bib0028","series-title":"Proc 4th ACM Web Science Conference","first-page":"44","article-title":"Measuring web cookies in governmental websites","author":"Gotze","year":"2022"},{"key":"10.1016\/j.cose.2026.104850_bib0029","series-title":"Proc EuroS&P","article-title":"How many hands in the cookie jar? Examining privacy implications of popular apps in india","author":"Kanungo","year":"2024"},{"key":"10.1016\/j.cose.2026.104850_bib0030","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.101833","article-title":"What\u2019s really \u2019happning\u2019? A forensic analysis of android and iOS happn dating apps","volume":"94","author":"Knox","year":"2020","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.104850_bib0031","series-title":"Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)","first-page":"181","article-title":"A fait accompli? An empirical study into the absence of consent to third-party tracking in android apps","author":"Kollnig","year":"2021"},{"key":"10.1016\/j.cose.2026.104850_bib0032","series-title":"Proc PETS","first-page":"6","article-title":"Are iphones really better for privacy? A comparative study of iOS and android apps","author":"Kollnig","year":"2022"},{"issue":"2","key":"10.1016\/j.cose.2026.104850_bib0033","doi-asserted-by":"crossref","DOI":"10.1145\/3386040","article-title":"Browser fingerprinting: a survey","volume":"14","author":"Laperdrix","year":"2020","journal-title":"ACM Trans. Web"},{"key":"10.1016\/j.cose.2026.104850_bib0034","series-title":"Proc Securecomm","article-title":"Mobile handset privacy: measuring the data iOS and android send to apple and google","author":"Leith","year":"2021"},{"key":"10.1016\/j.cose.2026.104850_bib0035","series-title":"Proc Securecomm","article-title":"What data do the google dialer and messages apps on android send to google?","author":"Leith","year":"2022"},{"key":"10.1016\/j.cose.2026.104850_bib0036","series-title":"Proc IEEE INFOCOM","article-title":"Contact tracing app privacy: what data is shared by Europe\u2019s GAEN contact tracing apps","author":"Leith","year":"2021"},{"issue":"1","key":"10.1016\/j.cose.2026.104850_bib0037","doi-asserted-by":"crossref","DOI":"10.1371\/journal.pone.0279942","article-title":"On the data privacy practices of android OEMs","volume":"18","author":"Liu","year":"2023","journal-title":"PLoS ONE"},{"key":"10.1016\/j.cose.2026.104850_bib0038","series-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","first-page":"3490","article-title":"CookieGraph: understanding and detecting first-party tracking cookies","author":"Munir","year":"2023"},{"key":"10.1016\/j.cose.2026.104850_bib0039","series-title":"30th USENIX Security Symposium (USENIX Security 21)","first-page":"3667","article-title":"Share first, ask later (or never?) Studying violations of GDPR\u2019s explicit consent in android apps","author":"Nguyen","year":"2021"},{"key":"10.1016\/j.cose.2026.104850_bib0040","series-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","first-page":"2369","article-title":"Freely given consent? Studying consent notice of third-party tracking and its violations of GDPR in android apps","author":"Nguyen","year":"2022"},{"key":"10.1016\/j.cose.2026.104850_bib0041","series-title":"Proceedings of the Web Conference 2021","first-page":"2130","article-title":"User tracking in the post-cookie era: how websites bypass GDPR consent to track users","author":"Papadogiannakis","year":"2021"},{"key":"10.1016\/j.cose.2026.104850_bib0042","series-title":"IEEE Security and Privacy Workshops (SPW)","first-page":"277","article-title":"Exploring widevine for fun and profit","author":"Patat","year":"2022"},{"key":"10.1016\/j.cose.2026.104850_bib0043","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1016\/j.procs.2022.12.123","article-title":"Digital forensics on facebook messenger application in an android smartphone based on NIST SP 800-101 r1 to reveal digital crime cases","volume":"216","author":"Pribadi","year":"2023","journal-title":"Procedia Comput. Sci."},{"key":"10.1016\/j.cose.2026.104850_bib0044","series-title":"Passive and Active Measurement","first-page":"623","article-title":"Exploring the cookieverse: a multi-perspective analysis of web cookies","author":"Rasaii","year":"2023"},{"key":"10.1016\/j.cose.2026.104850_bib0045","series-title":"Proc NDSS","article-title":"Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem","author":"Razaghpanah","year":"2018"},{"issue":"1","key":"10.1016\/j.cose.2026.104850_bib0046","doi-asserted-by":"crossref","DOI":"10.1145\/3708515","article-title":"Crumbled cookies: exploring e-commerce websites cookie policies with data protection regulations","volume":"19","author":"Singh","year":"2025","journal-title":"ACM Trans. Web"},{"key":"10.1016\/j.cose.2026.104850_bib0047","series-title":"2019 7th International Symposium on Digital Forensics and Security (ISDFS)","first-page":"1","article-title":"Android mobile device forensics: a review","author":"Tayeb","year":"2019"},{"key":"10.1016\/j.cose.2026.104850_bib0048","series-title":"Proc Privacy Enhancing Technologies Symposium","first-page":"126","article-title":"4 Years of EU cookie law: results and lessons learned","author":"Trevisan","year":"2019"},{"key":"10.1016\/j.cose.2026.104850_bib0049","series-title":"34th USENIX Security Symposium (USENIX Security 25)","first-page":"6521","article-title":"Hytrack: resurrectable and persistent tracking across android apps and the web","author":"Wessels","year":"2025"},{"key":"10.1016\/j.cose.2026.104850_bib0050","series-title":"33rd USENIX Security Symposium (USENIX Security 24)","first-page":"6543","article-title":"Navigating the privacy compliance maze: understanding risks with privacy-configurable mobile SDKs","author":"Zhang","year":"2024"},{"key":"10.1016\/j.cose.2026.104850_bib0051","series-title":"26th USENIX Security Symposium (USENIX Security 17)","first-page":"1391","article-title":"A privacy analysis of cross-device tracking","author":"Zimmeck","year":"2017"}],"container-title":["Computers & Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S016740482600026X?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S016740482600026X?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T14:18:06Z","timestamp":1774361886000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S016740482600026X"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6]]},"references-count":51,"alternative-id":["S016740482600026X"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.104850","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,6]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Cookies, identifiers and other data that google silently stores on android handsets","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.104850","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Author(s). Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"104850"}}