A. Contribution

  1. Problem addressed by the paper

Profiling mobile apps by monitoring network traffic.

  1. Solution proposed in the paper. Why is it better than previous work?

Using unique identifier (msid=X) in the HTTP header. Previous works did not consider analyzing HTTP traces for this purpose.

  1. The major results.

The implementation, FLOWR, is capable of identifying 90% of apps (2700 out of 3000) without relying on the seed signatures.

B. Basic idea and approach. How does the solution work?

Finding unique identifier inside HTTP header, then promote the identifier as signature when the correlation with a particular app is high. Then using these apps signatures, they tested FLOWR on real world traffic data and apps run on emulator to find the ground truth. Then they compare both data to test the accuracy.

Automatic_Generation_of_Mobile_App_Signatures_from_Traffic_Observations_pdf

C. Strengths

  1. Initial novel idea not found in previous works. Has been developed further using rules by some of the same authors in Mobicom 2015, entitled: SAMPLES: Self Adaptive Mining of Persistent LExical Snippets for Classifying Mobile Application Traffic.
  1. Good method for network administrator in an organization to monitor their network traffic.

D. Weaknesses

  1. Cannot identify mobile apps that use protocol other than HTTP.
  2. Cannot identify mobile apps that use encryption to their traffic.
  3. This technique can be abused to violate users’ privacy. Clear HTTP traffic can be analyzed to identify the users of the mobile apps. Then this information can be used to attack those users.
  4. They only tested using doubleclick.net ad service which accounts for only half of free Android apps. Might not work well outside doubleclick.net.
  5. There is a problem when several apps could send network traffic continuously in the background to refresh their contents. They might be weather, news, or social network apps. It could be difficult to differentiate between them. Especially if they are developed by the same app publisher.
  6. They tested using Gingerbread and Ice Cream Sandwich which are considered old version of Android platform. They should test it using newer version of Android platform.
  7. The ground truth was collected from apps run in emulator using Android monkey. It might be different from real user interaction.

E. Future work, Open issues, possible improvements

  1. The accuracy could be further improved.