[DEFCON 19] Cellular Privacy: A Forensic Analysis of Android Network Traffic

It’s no secret that our cell phones are constantly collecting data about our movements, who we’re talking to, and what websites we’re visiting. But just how much information is being collected, and who has access to it? A new study from the University of Cambridge has found that Android devices are sending detailed information about our activities back to Google, even when we think they’re not.

The study, which will be presented at the Defcon 19 hacking conference in Las Vegas this week, looked at the network traffic of several popular Android apps and found that many are sending sensitive data back to Google without our knowledge or consent.

One of the most alarming findings is that the Google Play Store is sending information about every app we install back to Google, even if we’ve never opened it. This includes not only the name and package name of the app, but also a unique identifier that can be used to track us across different devices.

Even more disturbingly, the researchers found that some apps were sending sensitive information like our location, phone number, and list of installed apps back to Google without encryption. This means that anyone who can intercept our traffic (such as our ISP or a malicious actor on a public Wi-Fi network) can easily snoop on this data.

The good news is that there are steps we can take to protect our privacy. The researchers recommend using a VPN or proxy service to encrypt your traffic, and only installing apps from trusted sources like the F-Droid store. But even these measures won’t stop Google from collecting data about our activities; they’ll just make it harder for others to spy on us.

If you’re concerned about your privacy, now is the time to start taking steps to protect yourself. Don’t wait for Google or your ISP to do it for you.