Investigating and Revealing Privacy Leaks in Mobile Application Traffic

Abstract

Mobile devices and applications are playing an important role in people’s daily activities. Although mobile application greatly enriches and facilitates the lives of its users, the users are unconsciously giving away their privacy. In this paper, a mobile traffic analysis tool is proposed to find out what private data is leaked from application network traffic. The analysis process has two steps, including capturing network traffic and analyzing privacy leakage. By applying this tool on traffic from 51 popular applications in China, we show that a lot of private information can be obtained by passively monitoring network traffic, such as location, device information, online behavior, and even personal password. Finally, the measures for mitigating the leakage of private user data are discussed.