Robust smartphone app identification via encrypted network traffic analysis

Abstract

The apps installed on a smartphone can revealmuch information about a user, such as their medical conditions,sexual orientation, or religious beliefs. Additionally, the presenceor absence of particular apps on a smartphone can informan adversary who is intent on attacking the device. In thispaper, we show that a passive eavesdropper can feasibly identifysmartphone apps by fingerprinting the network traffic that theysend. Although SSL/TLS hides the payload of packets, side-channel data such as packet size and direction is still leaked fromencrypted connections. We use machine learning techniques toidentify smartphone apps from this side-channel data. In additionto merely fingerprinting and identifying smartphone apps, weinvestigate how app fingerprints change over time, across devicesand across different versions of apps. Additionally, we introducestrategies that enable our app classification system to identify andmitigate the effect of ambiguous traffic, i.e., traffic in commonamong apps such as advertisement traffic. We fully implementeda framework to fingerprint apps and ran a thorough set ofexperiments to assess its performance. We fingerprinted 110 of the most popular apps in the Google Play Store and were ableto identify them six months later with up to 96% accuracy.Additionally, we show that app fingerprints persist to varyingextents across devices and app versions

Publication
IEEE Transactions on Information Forensics and Security

Related