ReCon based on a platform called Meddle

Wed, 18.11.2015

Meddle: Enabling Transparency and Control for Mobile Internet Traffic

Mobile devices such as smartphones and tablets have fundamentally changed the way we interact with the Internet—and each other—in many positive ways. Underlying this enormous success are several core challenges that remain difficult to address. Apps track users and leak their personal data; the network performance and neutrality of mobile Internet service providers (ISPs) are generally unknown; and apps inefficiently use available networking resources, leading to suboptimal network performance and energy consumption. Addressing these problems requires not only visibility into the traffic generated by devices, but also control over how, when, and where that traffic is sent to and handled by third parties. 

With Meddle, we explore a simpler and more effective strategy to address these problems: using network redirection to improve visibility and control for network traffic from mobile devices. Specifically, we use natively supported OS features (namely, VPN connectivity) to redirect a device’s Internet traffic over a secure channel to a trusted server. We developed new systems running atop this server to characterize and control network traffic using controlled and in situ studies. Our research builds upon this platform to improve privacy, policy transparency and performance in the mobile environment. We present summary results from our experience using this tool to reveal private information leaked in network traffic from mobile devices. We then show how to reveal mobile ISP performance and policies using Meddle as an in-path vantage point located outside mobile networks.

ReCon App Watches Your Other Apps for Leaked Private Info

Many apps people use every day occasionally need to check your location, or have to send or request certain personal data — age, gender and so on. But do you really know when this is happening, and how often? A new app called ReCon keeps a close eye on the other apps on your phone, recording when they send personally identifiable information and letting you decide how much is too much.

ReCon is the work of Northeastern University's David Choffnes, an assis­tant pro­fessor in the Col­lege of Com­puter and Infor­ma­tion Sci­ence. On Monday, he also released a study (PDF) showing that about half of the top 100 apps, on both iOS and Android, leak device information, and dozens share user details or location with third parties. The study also noted that there is no easy way for users to track this data or prevent it from being sent.

See more about Ashwin Rao.

Contact person: Ashwin Rao

Last updated on 18 Nov 2015 by Maria Lindqvist - Page created on 18 Nov 2015 by Maria Lindqvist