Leaky Birds: Exploiting Mobile Application Traffic for Surveillance

Vanrykel, Eline; Acar, Güneş; Herrmann, Michael; Díaz, Claudia

doi:10.1007/978-3-662-54970-4_22

Cited by 16 publications

(18 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Related work suggested the use of deep packet inspection (DPI) for this purpose. Some approaches attempt to automatically identify clear-text snippets in network traffic that are unique to an app [64,68]. Other classifiers focus specifically on HTTP headers in combination with traditional machine learning [44] or deep learning approaches [19].…”

Section: Related Workmentioning

confidence: 99%

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

Ede

Bortolameotti²,

Continella

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

143

View full text Add to dashboard Cite

Mobile-application fingerprinting of network traffic is valuable for many security solutions as it provides insights into the apps active on a network. Unfortunately, existing techniques require prior knowledge of apps to be able to recognize them. However, mobile environments are constantly evolving, i.e., apps are regularly installed, updated, and uninstalled. Therefore, it is infeasible for existing fingerprinting approaches to cover all apps that may appear on a network. Moreover, most mobile traffic is encrypted, shows similarities with other apps, e.g., due to common libraries or the use of content delivery networks, and depends on user input, further complicating the fingerprinting process. As a solution, we propose FLOWPRINT, a semi-supervised approach for fingerprinting mobile apps from (encrypted) network traffic. We automatically find temporal correlations among destination-related features of network traffic and use these correlations to generate app fingerprints. Our approach is able to fingerprint previously unseen apps, something that existing techniques fail to achieve. We evaluate our approach for both Android and iOS in the setting of app recognition, where we achieve an accuracy of 89.2%, significantly outperforming stateof-the-art solutions. In addition, we show that our approach can detect previously unseen apps with a precision of 93.5%, detecting 72.3% of apps within the first five minutes of communication.

show abstract

Section: Related Workmentioning

confidence: 99%

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

Ede

Bortolameotti²,

Continella

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

143

View full text Add to dashboard Cite

show abstract

“…Previous work has analyzed the collection of personal information through both static and dynamic analysis [1,10,24]. Static analysis consists of evaluating soft-ware without execution [1,7], whereas dynamic analysis focuses on tracking the transmission of sensitive information at runtime [10,36,40,50]. Runtime behavior is often paired with the observation of network traffic to identify personal data dissemination.…”

Section: Analysis Of Mobile App Privacymentioning

confidence: 99%

The Price is (Not) Right: Comparing Privacy in Free and Paid Apps

Han

Reyes

Feal

et al. 2020

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

It is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one thirdparty library or dangerous permission, respectively, we discovered that 45% of the paid versions reused all of the same third-party libraries as their free versions, and 74% of the paid versions had all of the dangerous permissions held by the free app. Likewise, our dynamic analysis revealed that 32% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Finally, we found that 40% of apps did not have a privacy policy link in the Google Play Store and that only 3.7% of the pairs that did reflected differences between the free and paid versions.

show abstract

“…Vanrykel et al [88] use a non-learning approach to user fingerprinting is described. A PC connected to a mobile device installs and performs scripted actions on applications and signals VPN servers to start and stop data capture.…”

Section: User and Device Fingerprintingmentioning

confidence: 99%

A Survey on Analyzing Encrypted Network Traffic of Mobile Devices

Bhatiaa¹,

Bahugunaa²,

Tiwaria³

et al. 2020

Preprint

View full text Add to dashboard Cite

Over the years, use of smartphones has come to dominate several areas, improving our lives, offering us convenience, and reshaping our daily work circumstances. Beyond traditional use for communication, they are used for many peripheral tasks such as gaming, browsing, and shopping. A significant amount of traffic over the Internet belongs to the applications running over mobile devices. Applications encrypt their communication to ensure the privacy and security of the user's data. However, it has been found that the amount and nature of incoming and outgoing traffic to a mobile device could reveal a significant amount of information that can be used to identify the activities performed and to profile the user. To that end, researchers are trying to develop techniques to classify encrypted mobile traffic at different levels of granularity, with the objectives of performing mobile user profiling, network performance optimization, etc. This paper proposes a framework to categorize the research works on analyzing encrypted network traffic related to mobile devices. After that, we provide an extensive review of state of the art based on the proposed framework.

show abstract

Leaky Birds: Exploiting Mobile Application Traffic for Surveillance

Cited by 16 publications

References 18 publications

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

The Price is (Not) Right: Comparing Privacy in Free and Paid Apps

A Survey on Analyzing Encrypted Network Traffic of Mobile Devices

Contact Info

Product

Resources

About