Nothing But Net: Invading Android User Privacy Using Only Network Access Patterns

We evaluate the power of simple networks side-channels to violate user privacy on Android devices. Specifically, we show that, using blackbox network metadata alone (i.e., traffic statistics such as transmission time and size of packets) it is possible to infer several elements of a user's location and also identify their web browsing history (i.e, which sites they visited). We do this with relatively simple learning and classification methods and basic network statistics. For most Android phones currently on the market, such process-level traffic statistics are available for any running process, without any permissions control and at fine-grained details, although, as we demonstrate, even device-level statistics are sufficient for some of our attacks. In effect, it may be possible for any application running on these phones to identify privacy-revealing elements of a user's location, for example, correlating travel with places of worship, point-of-care medical establishments, or political activity.