
Kushal Das, a staff member at Freedom of the Press Foundation, privacy advocate, and CPython core developer, published a post earlier this month titled ‘Tracking my phone’s silent connections’.

In the post, Das describes a system he has built from existing open source projects and tools to track what his phone does, which servers it connects to, and to look deeper into the network traffic from the phone.

How did he start?

Das mentions that his initial trial involved creating a wifi hotspot at home using a Raspberry Pi. He then captured all the packets from this device with standard tools (dumpcap) and went through the logs using Wireshark, a network protocol analyzer.

This procedure, however, could only capture data while the phone was connected to the network at home. To go further, Das took a different approach and chose ‘algo’ to create a VPN server. He then used WireGuard, a modern VPN tunnel, to connect his iPhone to the VPN. This made it easy to capture all the traffic from the phone on the VPN server.

Analyzing the data after one week

Das initially captured the data for only one week. He then started to capture pcap files onto his computer, where he also wrote Python code to put the data into an SQLite database. This allowed him to query the data very fast.

Das plotted a graph of all the domains that were queried at least 10 times in a week. He observed that his phone was trying to find servers from Apple, as it is an iPhone. He also noted many queries related to Twitter, as he uses the Twitter app frequently. Then came Google, for which the phone queried many other Google domains (although he only sometimes browsed through YouTube). He also observed queries to the Akamai CDN service and Amazon AWS related hosts. Many data analytics companies were also queried, including dev.appboy.com.
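The SQLite step described above can be sketched as follows. This is an added example, not Das's code: the function names, the `dns_query` table, and the constructed sample payloads are assumptions, and it takes the DNS payloads as already extracted from the pcap files.

```python
import sqlite3
import struct

def encode_query(name, qtype=1):
    """Build a constructed DNS query payload (sample input only)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(payload):
    """Return the first question name of a DNS query, or None if malformed."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:      # skip responses and empty questions
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:
            return ".".join(labels).lower() if labels else None
        if length > 63 or pos + 1 + length > len(payload):  # pointer or truncated
            return None
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None

def load(conn, packets):
    """Store (timestamp, qname) for every well-formed DNS query."""
    conn.execute("CREATE TABLE IF NOT EXISTS dns_query (ts REAL, qname TEXT)")
    rows = [(ts, q) for ts, p in packets if (q := parse_qname(p))]
    conn.executemany("INSERT INTO dns_query VALUES (?, ?)", rows)
    return len(rows)

def frequent_domains(conn, since, threshold=10):
    """Names queried at least `threshold` times since `since`, busiest first."""
    return conn.execute(
        "SELECT qname, COUNT(*) AS n FROM dns_query WHERE ts >= ? "
        "GROUP BY qname HAVING COUNT(*) >= ? ORDER BY n DESC, qname",
        (since, threshold),
    ).fetchall()

# Constructed sample: (epoch seconds, UDP payload) pairs standing in for a capture.
SAMPLE = [(1000.0 + i, encode_query("dev.appboy.com")) for i in range(12)]
SAMPLE += [(2000.0 + i, encode_query("example.org")) for i in range(3)]
SAMPLE.append((3000.0, b"\x00\x01"))       # truncated packet, must be skipped

conn = sqlite3.connect(":memory:")
load(conn, SAMPLE)
print(frequent_domains(conn, since=0.0))
```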

Tracking the data flow

After looking at the DNS queries, Das wanted to look deeper into the actual servers that his phone communicates with. He put together a graph of all the major companies that his phone communicates with. Here’s the graph:

 

Figure: Major Companies

Das discovered that Apple is the leading firm, accounting for about 44% of all the connections from his phone, a total of 495225 connections. Twitter takes second place, with Edgecastcdn third. He noticed that his phone communicated with Google servers 67344 times, i.e. 7 times less than Apple.

He then removed big firms such as Google and Amazon from the graph and observed that analytics companies such as nflxso.net and mparticle.com make up about 31% of the connections.

The 3 other CDN companies are Akamai, CloudFront, and Cloudflare, which make up 8%, 7%, and 6% respectively. Das mentions that he doesn’t have information about the things that these companies track on his phone, which he finds scary. “Do I know what all things are these companies tracking? Nope, and that is scary enough,” said Das.

Future work

Das mentions that he’s looking into creating a set of tools in the future that can:

  • be deployed on the VPN server
  • be user-friendly and easy to monitor
  • block/unblock traffic from their phone

“The major part of the work is to make sure that the whole thing is easy to deploy, and can be used by someone with less technical knowledge”, states Das.

For more information, check out the official blog post by Kushal Das.
