Leaky Birds: Exploiting Mobile Application Traffic for Surveillance

  • Conference paper
Financial Cryptography and Data Security (FC 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9603)

Abstract

Over the last decade, mobile devices and mobile applications have become pervasive in their usage. Although many privacy risks associated with mobile applications have been investigated, prior work mainly focuses on the collection of user information by application developers and advertisers. Inspired by the Snowden revelations, we study the ways mobile applications enable mass surveillance by sending unique identifiers over unencrypted connections. Applying passive network fingerprinting, we show how a passive network adversary can improve his ability to target mobile users’ traffic.

Our results are based on a large-scale automated study of mobile application network traffic. The framework we developed for this study downloads and runs mobile applications, captures their network traffic and automatically detects identifiers that are sent in the clear. Our findings show that a global adversary can link 57% of a user’s unencrypted mobile traffic. Evaluating two countermeasures available to privacy aware mobile users, we find their effectiveness to be very limited against identifier leakage.
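
An added example, not the authors' framework or code from the paper: an auditor's check for the kind of leak the abstract describes, scanning captured requests from a test device for its known identifiers (raw, or as MD5/SHA-1 hex digests) sent over plain HTTP. The identifier values, hostnames and function names are constructed assumptions for illustration.

```python
import hashlib
from urllib.parse import urlsplit, unquote

# Constructed identifiers of the test device under audit (not real values).
DEVICE_IDS = {
    "android_id": "9774d56d682e549c",
    "imei": "356938035643809",
    "wifi_mac": "00:11:22:33:44:55",
}

def build_needles(ids):
    """Map each searchable form (raw, separator-free, MD5, SHA-1) to a label."""
    needles = {}
    for name, value in ids.items():
        # Assumption: apps hash the lowercase form; add other variants as needed.
        for form in {value.lower(), value.lower().replace(":", "")}:
            needles[form] = name
            needles[hashlib.md5(form.encode()).hexdigest()] = f"{name}:md5"
            needles[hashlib.sha1(form.encode()).hexdigest()] = f"{name}:sha1"
    return needles

def find_cleartext_leaks(requests, ids=DEVICE_IDS):
    """requests: iterable of (url, headers_dict, body). Returns sorted (host, label)."""
    needles = build_needles(ids)
    findings = set()
    for url, headers, body in requests:
        parts = urlsplit(url)
        if parts.scheme != "http":
            continue  # TLS payloads are not readable by a passive observer
        # Search URL (percent-decoded), header values and body together.
        haystack = " ".join([unquote(url), body, *headers.values()]).lower()
        for needle, label in needles.items():
            if needle in haystack:
                findings.add((parts.hostname, label))
    return sorted(findings)

# Constructed sample capture: (url, headers, body)
SAMPLE = [
    ("http://ads.example.net/track?aid=9774d56d682e549c&os=android",
     {"User-Agent": "Dalvik/1.6.0"}, ""),
    ("http://stats.example.org/v1/event", {},
     "dev=" + hashlib.md5(b"356938035643809").hexdigest()),
    ("https://api.example.com/login?mac=00:11:22:33:44:55", {}, ""),
    ("http://cdn.example.com/img.png", {}, ""),
]

if __name__ == "__main__":
    for host, label in find_cleartext_leaks(SAMPLE):
        print(f"cleartext identifier leak: {label} -> {host}")
```
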

Notes

  1. All these methods are feasible, as illustrated by the Snowden revelations [6, 8].

  2. The source code of the framework, as well as the collected data will be made available to researchers upon request.

  3. We chose 20 since this was the maximum number of apps that can be installed on an Android emulator at once, which we used in the preliminary stages of the study.

References

  1. APK Downloader [Latest] Download Directly — Chrome Extension v3 (Evozi Official). http://apps.evozi.com/apk-downloader/

  2. Cross Reference: /external/kernel-headers/original/asm-arm/param.h. http://androidxref.com/4.1.2/xref/external/kernel-headers/original/asm-arm/param.h#18

  3. dpkt 1.8.6.2: Python Package Index. https://pypi.python.org/pypi/dpkt

  4. dtmilano/AndroidViewClient. https://github.com/dtmilano/AndroidViewClient/

  5. dumpcap - The Wireshark Network Analyzer 1.12.2. https://www.wireshark.org/docs/man-pages/dumpcap.html

  6. GCHQ taps fibre-optic cables for secret access to world’s communications. http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa

  7. Nmap Network Scanning - Remote OS Detection - Usage and Examples. http://nmap.org/book/osdetect-usage.html

  8. NSA Prism program taps in to user data of Apple, Google and others. http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data

  9. Smartphones: So many apps, so much time. http://www.nielsen.com/us/en/insights/news/2014/smartphones-so-many-apps-so-much-time.html

  10. SystemClock — Android Developers. http://developer.android.com/reference/android/os/SystemClock.html

  11. Identifying App Installations — Android Developers Blog (2011). http://android-developers.blogspot.be/2011/03/identifying-app-installations.html

  12. ‘Tor Stinks’ presentation (2013). http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document

  13. About Adblock Plus for Android (2015). https://adblockplus.org/android-about

  14. Disconnect Malvertising for Android (2015). https://disconnect.me/mobile/disconnect-malvertising/sideload

  15. Manpage of TCPDUMP (2015). http://www.tcpdump.org/tcpdump_man.html

  16. Mobile apps doubleheader: BADASS Angry Birds (2015). http://www.spiegel.de/media/media-35670.pdf

  17. Selenium - Web Browser Automation (2015). http://docs.seleniumhq.org/

  18. UI/Application Exerciser Monkey — Android Developers (2015). http://developer.android.com/tools/help/monkey.html

  19. Acar, G., Eubank, C., Englehardt, S.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014)

  20. Balakrishnan, M.: Where’s that phone? Geolocating IP addresses on 3G networks. In: Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement Conference, pp. 294–300 (2009)

  21. Bellovin, S.M.: A technique for counting NATted hosts. In: Proceedings of the second ACM SIGCOMM Workshop on Internet Measurement - IMW 2002, p. 267 (2002)

  22. Black, P.E.: Ratcliff/Obershelp pattern recognition, December 2004. https://xlinux.nist.gov/dads//HTML/ratcliffObershelp.html

  23. Bursztein, E.: Time has something to tell us about network address translation. In: Proceedings of NordSec (2007)

  24. Dai, S., Tongaonkar, A., Wang, X., Nucci, A., Song, D.: NetworkProfiler: towards automatic fingerprinting of Android apps. In: 2013 Proceedings IEEE INFOCOM, pp. 809–817, April 2013

  25. Enck, W., Cox, L.P., Gilbert, P., Mcdaniel, P.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: OSDI 2010 Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (2010)

  26. Englehardt, S., Reisman, D., Eubank, C., Zimmerman, P., Mayer, J., Narayanan, A., Felten, E.W.: Cookies that give you away: the surveillance implications of web tracking. In: Proceedings of the 24th International Conference on World Wide Web, pp. 289–299 (2015)

  27. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, p. 627 (2011)

  28. Grace, M., Zhou, W., Jiang, X., Sadeghi, A.: Unsafe exposure analysis of mobile in-app advertisements. In: Proceedings of the fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks 067(Section 2) (2012)

  29. Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: Retrofitting Android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 639–652. ACM (2011)

  30. Jacobson, V., Braden, R., Borman, D., Satyanarayanan, M., Kistler, J., Mummert, L., Ebling, M.: RFC 1323: TCP extensions for high performance (1992)

  31. Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. IEEE Trans. Dependable Secure Comput. 2(2), 93–108 (2005)

  32. Marlinspike, M.: New tricks for defeating SSL in practice. BlackHat DC, February 2009

  33. Murdoch, S.J.: Hot or not: revealing hidden services by their clock skew. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 27–36. ACM (2006)

  34. Soltani, A., Peterson, A., Gellman, B.: NSA uses Google cookies to pinpoint targets for hacking (2013). https://www.washingtonpost.com/news/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/

  35. Stevens, R., Gibler, C., Crussell, J.: Investigating user privacy in android ad libraries. In: IEEE Mobile Security Technologies (MoST) (2012)

  36. Suarez-Tangil, G., Conti, M., Tapiador, J.E., Peris-Lopez, P.: Detecting targeted smartphone malware with behavior-triggering stochastic models. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 183–201. Springer, Cham (2014). doi:10.1007/978-3-319-11203-9_11

  37. Tekeoglu, A., Altiparmak, N., Tosun, A.: Approximating the number of active nodes behind a NAT device. In: 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN), pp. 1–7. IEEE (2011)

  38. Tongaonkar, A., Dai, S., Nucci, A., Song, D.: Understanding mobile app usage patterns using in-app advertisements. In: Roughan, M., Chang, R. (eds.) PAM 2013. LNCS, vol. 7799, pp. 63–72. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36516-4_7

  39. Vanrykel, E.: Passive network attacks on mobile applications. Master’s thesis, Katholieke Universiteit Leuven (2015)

  40. Vanrykel, E., Acar, G., Herrmann, M., Diaz, C.: Exploiting Unencrypted Mobile Application Traffic for Surveillance (Technical report) (2016). https://securewww.esat.kuleuven.be/cosic/publications/article-2602.pdf

  41. Weinstein, D.: Leaking Android hardware serial number to unprivileged apps (2013). http://insitusec.blogspot.be/2013/01/leaking-android-hardware-serial-number.html

  42. Wicherski, G., Weingarten, F., Meyer, U.: IP agnostic real-time traffic filtering and host identification using TCP timestamps. In: 2013 IEEE 38th Conference on Local Computer Networks (LCN), pp. 647–654. IEEE (2013)

  43. Xia, N., Song, H.H., Liao, Y., Iliofotou, M.: Mosaic: quantifying privacy leakage in mobile networks. In: SIGCOMM 2013, Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM (ii), pp. 279–290 (2013)

  44. Zander, S., Murdoch, S.J.: An improved clock-skew measurement technique for revealing hidden services. In: USENIX Security Symposium, pp. 211–226 (2008)


Acknowledgment

We would like to thank Steve Englehardt, Yves Tavernier and anonymous reviewers for their helpful and constructive feedback. This work was supported by the Flemish Government FWO G.0360.11N Location Privacy, FWO G.068611N Data mining and by the European Commission through H2020-DS-2014-653497 PANORAMIX and H2020-ICT-2014-644371 WITDOM.

Correspondence to Gunes Acar.

Copyright information

© 2017 International Financial Cryptography Association

About this paper

Cite this paper

Vanrykel, E., Acar, G., Herrmann, M., Diaz, C. (2017). Leaky Birds: Exploiting Mobile Application Traffic for Surveillance. In: Grossklags, J., Preneel, B. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science, vol 9603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-54970-4_22

  • DOI: https://doi.org/10.1007/978-3-662-54970-4_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-54969-8

  • Online ISBN: 978-3-662-54970-4

  • eBook Packages: Computer Science, Computer Science (R0)
