Nothing But Net: Invading Android User Privacy Using Only Network Access Patterns
This reveals a critical privacy vulnerability in Android systems, allowing any app to potentially track sensitive user activities without permissions.
The study demonstrates that using only network metadata like packet timing and size, an attacker can infer a user's location and web browsing history on Android devices, achieving high accuracy in identifying visited websites and sensitive locations.
We evaluate the power of simple networks side-channels to violate user privacy on Android devices. Specifically, we show that, using blackbox network metadata alone (i.e., traffic statistics such as transmission time and size of packets) it is possible to infer several elements of a user's location and also identify their web browsing history (i.e, which sites they visited). We do this with relatively simple learning and classification methods and basic network statistics. For most Android phones currently on the market, such process-level traffic statistics are available for any running process, without any permissions control and at fine-grained details, although, as we demonstrate, even device-level statistics are sufficient for some of our attacks. In effect, it may be possible for any application running on these phones to identify privacy-revealing elements of a user's location, for example, correlating travel with places of worship, point-of-care medical establishments, or political activity.