Research description

Nowadays almost all data that is sent over the Internet is encrypted. This encryption protects the content from being inspected by third parties. However, even though the content is not visible, there is still metadata available to third parties that might provide insights into the behavior of users. In this research we investigate whether it is possible to identify which apps people are using only by looking at the encrypted network traffic their mobile phones produce. If this proves feasible, we will look into countermeasures against this type of analysis.

To train the models used for analysing the network traffic we need ground-truth data. Therefore we want to obtain network traffic from real users for which we already know which mobile app it originates from. To assist in the experiment we’ve created an app that makes it easy to participate.


How does the app work?

The experiment app tunnels traffic through a VPN to a TU Delft server. A log of the metadata of the tunnelled traffic is kept on this server.

At the same time the experiment app logs which apps are used on the device. This log is uploaded to our servers every five minutes while the experiment is running, and once more at the end. The logs are very small: the extra network data used will be less than 1MB/day. Modern Android phones go into a battery-saving sleep mode when they haven't been used for some time, which means the logger also goes to sleep. Therefore the logs aren't uploaded every five minutes of clock time, but only every five minutes that the phone is active. The net time the experiment has been running can be found on the Stats page in the app.

Once the log is uploaded, we can combine it with the logged metadata to get a dataset of metadata labelled with the apps it belongs to.
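The combination step described above, sketched as an added example (not the project's own code): each flow is labelled with the app that was in use for most of the flow's lifetime. The record layouts, the package names, the time-overlap rule and the 50% threshold are assumptions made for illustration; the sample records are constructed.

```python
from bisect import bisect_right
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:            # server side: metadata of one tunnelled connection
    dst: str           # destination
    size: int          # bytes
    start: float       # seconds
    duration: float    # seconds

@dataclass(frozen=True)
class Usage:           # device side: one interval in which an app was in use
    app: str
    start: float
    end: float

def label_flows(flows, usage, min_share=0.5):
    """Return (flow, app) pairs; app is None when no single app was in use
    for at least min_share of the flow (phone asleep, background traffic).
    Assumes usage intervals do not overlap each other."""
    usage = sorted(usage, key=lambda u: u.start)
    starts = [u.start for u in usage]
    out = []
    for f in flows:
        f_end = f.start + max(f.duration, 1e-3)   # give point flows a width
        share = {}
        i = bisect_right(starts, f_end) - 1       # last interval starting before flow end
        while i >= 0 and usage[i].end > f.start:  # walk back over overlapping intervals
            u = usage[i]
            overlap = min(f_end, u.end) - max(f.start, u.start)
            if overlap > 0:
                share[u.app] = share.get(u.app, 0.0) + overlap / (f_end - f.start)
            i -= 1
        best = max(share, key=share.get, default=None)
        out.append((f, best if best and share[best] >= min_share else None))
    return out

# Constructed sample data; the gap between 180 s and 400 s models a sleeping phone.
USAGE = [Usage("com.example.chat", 0, 60), Usage("com.example.video", 60, 180),
         Usage("com.example.chat", 400, 460)]
FLOWS = [Flow("203.0.113.10:443", 5200, 5, 20),      # entirely within chat
         Flow("198.51.100.7:443", 900000, 50, 100),  # spans a switch, mostly video
         Flow("192.0.2.44:443", 1200, 170, 60),      # mostly while phone is asleep
         Flow("203.0.113.10:443", 300, 410, 0)]      # zero-duration flow

if __name__ == "__main__":
    for flow, app in label_flows(FLOWS, USAGE):
        print(flow.dst, flow.start, app)
```

Flows left unlabelled would be excluded from the training set rather than guessed at, since a wrong label degrades the ground truth.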

Which data is used by us?

We only use metadata of the encrypted network traffic. We cannot see the contents of your messages. The destination, size, duration and timestamps of network traffic are used. So we are able to see which websites or services your phone connects to and which apps you use, but not which pages you visit or what you do in the apps. We are not able to link the network traffic to you.

Unencrypted traffic is also routed through our servers, but not stored or looked at.


What should you do?

Mainly you should use apps as you do normally. To help us collect more useful data you could try to use a wide variety of apps and limit the use of your browser. You can participate as short or as long as you like, from minutes to hours and split up over as many sessions as you like. However, to prevent any unforeseen errors and loss of data it is best to not leave the service on for longer than a day and to split it up into sessions. Lastly we ask you to please not do anything illegal; in general, but especially while participating in the experiment.


Installation and usage instructions

To install the app, become a tester and download it from the Google Play Store here. The app is available for Android devices running Android 6.0 or later.

After you have installed the app you will be asked to consent to the collection and processing of your network traffic and the data about your app usage. Now you are able to press the play button in the bottom right corner to start participating in the experiment. These two steps are highlighted in figure 1. The first time you do this you will get a request to confirm that you agree that your traffic is routed through our servers, as can be seen in figure 2. After you accept this a connection will be made to our servers and all traffic will be captured as previously explained. At the same time the app usage will be logged. While the experiment is running two notifications will be visible, as can be seen in figure 3, indicating that your traffic is tunnelled through the VPN and that the app usage is logged. Depending on your Android version a notification with the image of a key will also be visible.

When you want to stop participating in the experiment press the stop button. The app usage logs will be uploaded and the phone’s connection will work as before.



Fig. 1. Circled are the buttons to press to start the experiment

Fig. 2. Permission request for VPN tunnel, only visible when first starting the app

Fig. 3. Within the red box the notifications can be seen that are visible when the experiment is running