Mobile devices generate the majority of Internet traffic today and also have access to a wealth of personal information. Visibility into the activity of mobile devices is of interest to end-users as well as to network operators, advertisers and a number of other players. In this project, we develop AntMonitor — a tool that monitors the network activity of mobile devices and reveals privacy leaks directly (detecting PII leaking out of the device) or indirectly (profiling users based on minimal information).
In this proposal, we present the design of AntMonitor: a user-space mobile app based on a VPN-service that runs only on the device (\ie without the need of a remote VPN server). We show that AntMonitor significantly outperforms prior state-of-the-art approaches: it achieves speed over 90 Mbps (downlink) and 65 Mbps (uplink), which are 2x and 8x the throughput of existing mobile-only baselines and is 94% of the throughput without VPN, all while using 2–12x less energy. Then, we showcase preliminary results from a pilot study that show that AntMonitor can efficiently perform (i) real-time detection and prevention of private information leakage from the device to the network and (ii) application classification and user profiling.
Finally, we summarize the current state of the prototype, and our efforts in releasing the tool to end-users, commercial partners, and the research community. The mobile-only version of AntMonitor is currently in alpha-testing, and we request DTL support in order to complete the effort, release the tool to the community, and also get the opportunity to interact with the members of the DTL community.