How Private is Android's Private DNS Setting? Identifying Apps by Encrypted DNS Traffic

06/26/2021
by   Michael Mühlhauser, et al.
0

DNS over TLS (DoT) and DNS over HTTPS (DoH) promise to improve privacy and security of DNS by encrypting DNS messages, especially when messages are padded to a uniform size. Firstly, to demonstrate the limitations of recommended padding approaches, we present Segram, a novel app fingerprinting attack that allows adversaries to infer which mobile apps are executed on a device. Secondly, we record traffic traces of 118 Android apps using 10 different DoT/DoH resolvers to study the effectiveness of Segram under different conditions. According to our results, Segram identifies apps with accuracies of up to 72 of Segram is comparable with state-of-the-art techniques but Segram requires less computational effort. We release our datasets and code. Thirdly, we study the prevalence of padding among privacy-focused DoT/DoH resolvers, finding that up to 81 recommended padding approaches are less effective than expected and that resolver operators are not sufficiently aware about this feature.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
08/03/2022

Our fingerprints don't fade from the Apps we touch: Fingerprinting the Android WebView

Numerous studies demonstrated that browser fingerprinting is detrimental...
research
09/29/2022

Hidden in Plain Sight: Exploring Encrypted Channels in Android apps

As privacy features in Android operating system improve, privacy-invasiv...
research
02/25/2021

Understanding Worldwide Private Information Collection on Android

Mobile phones enable the collection of a wealth of private information, ...
research
12/28/2021

Analysis of Longitudinal Changes in Privacy Behavior of Android Applications

Privacy concerns have long been expressed around smart devices, and the ...
research
05/24/2021

Dissecting Click Fraud Autonomy in the Wild

Although the use of pay-per-click mechanisms stimulates the prosperity o...
research
04/19/2022

Identifying organizations receiving personal data in Android Apps

Many studies have demonstrated that mobile applications are common means...
research
02/06/2023

From Emulation to Mathematical: A More General Traffic Obfuscation Approach To Encounter Feature based Mobile App traffic Classification

The usage of the mobile app is unassailable in this digital era. While t...

Please sign up or login with your details

Forgot password? Click here to reset