Tor traffic from individual Android apps detected with 97 percent accuracy


Android Tor

Italian academics say they’ve developed an algorithm that can detect the patterns of Android app activity inside Tor traffic with an accuracy of 97 percent.

The algorithm isn’t a deanonymization script, as it can’t reveal a user’s real IP address or other identifying details. However, it will reveal if a Tor user is using an Android app.

The work of researchers from the Sapienza University of Rome in Italy builds upon previous research that was able to analyze the TCP packet flows of Tor traffic and distinguish between eight traffic types: browsing, email, chat, audio streaming, video streaming, file transfers, VoIP, and P2P.

For their work, the Italian researchers applied a similar concept of analyzing the TCP packets flowing through a Tor connection to detect patterns specific to certain Android apps.

Read more…