Print Email Facebook Twitter Android App Tracking Title Android App Tracking: Investigating the feasibility of tracking user behavior on mobile phones by analyzing encrypted network traffic Author Meijer, Wilko (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Cyber Security) Contributor Doerr, Christian (mentor) Degree granting institution Delft University of Technology Date 2019-12-17 Abstract The mobile phone has become an important part of people's lives and which apps are used says a lot about a person. Even though data is encrypted, meta-data of network traffic leaks private information about which apps are being used on mobile devices.Apps can be detected in network traffic using the network fingerprint of an app, which shows what a typical connection of the app resembles. In this work, we investigate whether fingerprinting apps is feasible in the real world. We collected automatically generated data from various versions of around 500 apps and real-world data from over 65 unique users. We learn the fingerprints of the apps by training a Random Forest on the collected data. This Random Forest is used to detect app fingerprints in network traffic. We show that it is possible to build a model that can classify a specific subset of apps in network traffic. We also show that it is very hard to build a complete model that can classify all possible apps traffic due to overlapping fingerprints. Updates to apps have a significant effect on the network fingerprint, such that models should be updated every one or two months. We show that by only selecting a subset of apps it is possible to successfully classify network traffic. Various countermeasures against network traffic analysis are investigated. We show that using a VPN is not an effective countermeasure because an effective classifier can be trained on VPN data. We conclude that fingerprinting in the real world is feasible, but only on specific sets of apps. Subject Androidfingerprintingnetwork traffic analysismachine learning To reference this document use: http://resolver.tudelft.nl/uuid:bda285c9-117d-49a3-93a1-2530a07f6cff Embargo date 2020-03-31 Part of collection Student theses Document type master thesis Rights © 2019 Wilko Meijer Files PDF master_thesis_wkmeijer_an ... acking.pdf 7.52 MB Close viewer /islandora/object/uuid:bda285c9-117d-49a3-93a1-2530a07f6cff/datastream/OBJ/view