Android sniffing using tcpdump (dornea.nu)
75 points by syngres on Jan 27, 2014 | 18 comments


Something isn't right here. 80MB of pcap data with 138k packets captured, but over 5 million connections to googleapis.com. That's 36 connections per packet. Also, if you add up the number of packets in the destination port table and divide that into 80MB, it works out to 4 bytes per packet. Which is a bit surprising considering IPv4 has a 20 byte header on every packet.
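The consistency checks in this comment (connections versus packets, port-table total versus packets, bytes per packet versus the 20-byte IPv4 header) can be run over a capture directly. The following is an added example, not code from the linked article: a minimal classic-pcap parser that produces the same three figures the article reports, plus the sanity checks, run over a small Ethernet/IPv4/TCP capture constructed inline (the addresses, ports and payloads are made up for the test).

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, native byte order
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # same magic written in the other byte order
LINKTYPE_ETHERNET = 1


def build_frame(src_ip, sport, dst_ip, dport, payload):
    """Construct one Ethernet/IPv4/TCP frame. Checksums are left at zero; the
    parser below never validates them, so this is fine for a test capture."""
    eth = b"\x00" * 12 + b"\x08\x00"                            # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,  # v4/ihl=5, len, id, frag, ttl, TCP
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (global header + per-record headers)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1390780800 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample capture: two flows to :443 and one to :80, 630 bytes in total.
SAMPLE_FRAMES = [
    build_frame("10.0.0.2", 50000, "203.0.113.10", 443, b"A" * 100),
    build_frame("10.0.0.2", 50000, "203.0.113.10", 443, b""),
    build_frame("10.0.0.2", 50001, "203.0.113.10", 443, b"B" * 50),
    build_frame("10.0.0.2", 50002, "203.0.113.20", 80, b"C" * 200),
    build_frame("10.0.0.2", 50002, "203.0.113.20", 80, b"D" * 10),
]


def pcap_stats(data):
    """Count packets, captured bytes, destination ports and distinct 5-tuples ("connections")."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    packets = total_bytes = 0
    dst_ports = Counter()
    flows = set()
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        packets += 1
        total_bytes += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                      # not IPv4: counted, but no port
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        l4 = frame[14 + ihl:]
        if proto in (6, 17) and len(l4) >= 4:             # TCP or UDP: ports in first 4 bytes
            sport, dport = struct.unpack("!HH", l4[:4])
            dst_ports[dport] += 1
            flows.add((frame[26:30], sport, frame[30:34], dport, proto))
    return {"packets": packets, "bytes": total_bytes,
            "dst_ports": dst_ports, "connections": len(flows)}


def sanity_check(packets, total_bytes, connections, port_table_total):
    """The three consistency checks from the comment, returned as findings (empty = plausible)."""
    findings = []
    if connections > packets:
        findings.append("more connections than packets: every connection needs at least one packet")
    if port_table_total > packets:
        findings.append("destination port table counts more packets than were captured")
    if port_table_total and total_bytes / port_table_total < 20:
        findings.append("under 20 bytes per packet, less than one IPv4 header")
    return findings


if __name__ == "__main__":
    stats = pcap_stats(build_pcap(SAMPLE_FRAMES))
    print(stats, sanity_check(stats["packets"], stats["bytes"], stats["connections"],
                              sum(stats["dst_ports"].values())))
    # Figures quoted in the comment; the 20M port-table total is constructed from "4 bytes per packet".
    print(sanity_check(138_000, 80 * 1024 * 1024, 5_000_000, 20_000_000))
```

The constructed capture passes all three checks; the figures quoted in the comment (with a port-table total of 20 million chosen so that 80MB works out to about 4 bytes per packet) trip all three, which is the point the commenter is making.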


Exactly what I thought, too. This would mean a constant 216 packets per second over the 24h.


It would be great to turn this into an app that tells you what is sending requests to whom.

And then turn that into a game, see who can get the lowest amount of data sent.


There are a lot of programs that already let you do that - look for a firewall and a network logger, there are plenty to choose from.

I would be in the running for the main prize then as I use a firewall with a whitelist policy. Everything is blocked (including the system) except the very few applications that I want to communicate. I would still lose to all the people who just disable the data connection.


I meant for a non-technical audience.

A game in which participation is to monitor your own data, and to actively play the game you increase your privacy.

A game that educates people as to what your apps are doing and what your phone is doing.

A game that to win (for some local definition of win) means to take control of your privacy.

People like yourself, myself, and most of the HN audience will know how to run firewalls, VPNs, hosts files, rooted phones, disable data, etc. But the layman does not, or is unlikely to do those things as they're scary.

They care, but they don't have a concept on how bad it is and what they can do to improve their lot.


I think we too often patronise average users. I think it's quite likely that they understand the situation but simply have a different opinion about the privacy/convenience trade-offs. Smacks a bit of the "you'd agree with me if only you could understand the problem as well as I do" argument, which doesn't account for people who have different values than us.


Now I feel bad, as I was specifically thinking of my girlfriend and her academic peers, who have all expressed that they would like to be more active in protecting their privacy but don't know where to begin. None of whom I'd patronise in any way. When talk over dinner strays onto the news of the last year it will inevitably end up with the question, "What can we do?".

Part of the answer to that is to take steps to protect your own privacy, encrypt, reduce what you share with third parties, and operate a reasonably sane set of defaults with regards to how one protects their data.

And I, who know how to take some steps, cannot realistically help, give guidance and support to them all. And they all have slightly different and nuanced perceptions of what their priority is, what they're seeking to achieve. Everyone has their own reasons.

I personally am at the point in which I don't wish to become the 2010's equivalent of the guy who can give computer support to Windows users, and yet here are smart people wanting a simple way to explore their options and choose what to act on.

I didn't mean game as in "cutesy candy stuff". Just a score would do, simple game theory... do some action, increase your score.

A bit like the LastPass Security Check... which tests how many sites share the same password, how many have weak passwords, etc.


It's an awesome idea. I'd give it some money if it was kick-started.


It's way more fun if you put an SSL intercept in place too. I found mitmproxy was probably the easiest to configure for Android.

You can turn up some seriously interesting (scary) things.


I'd not heard of the Debian on Android kit [1] before. Sounds interesting! I had heard of using tcpdump to monitor traffic on Android though, and have used this in the past to help debug some network problems we were having with our app. We used a natively compiled version of tcpdump [2]. We still needed to root our phones though.

[1] http://sven-ola.dyndns.org/repo/debian-kit-en.html

[2] http://gadgetcat.wordpress.com/2011/09/11/tcpdump-on-android...


tcpdump is pretty easy to cross-compile for Android with a standalone toolchain.


Interesting results. I am quite shocked that (from a rough general look) all the applications only sent your location, Android version, language and user-agent; I was expecting more! Good job, sir :)


I don't think you can be sure of that; anything could have been sent over the SSL connections.


Great analysis. Interesting that there are 10 times as many requests against 443 as against 80. I wouldn't expect that. (Of course it doesn't mean it's all HTTPS, but still.)


Unfortunately the author didn't use mitmproxy (or sslstrip).


One would hope sslstrip would not work against an app!


You'd be surprised how much code out there "uses SSL" but to get it to "just work", it outright ignores things like DN checking, certificate expiry, even chain verification. It's on the faulty premise that encryption is the only thing that's important.
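The three things this comment lists (DN checking, certificate expiry, chain verification) map onto two settings of a TLS client context, and a reviewer can check for them mechanically. The following is an added example, not code from the article or from any app it analysed: the "just make it work" client configuration beside its hardened form, using Python's standard `ssl` module, and an audit function that returns the findings a code review would raise. Both context builders are constructed for this example.

```python
import ssl


def insecure_client_context():
    """The "just make it work" client the comment describes (constructed for this example):
    the connection is still encrypted, but any certificate for any name is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # no DN / SAN check: a valid cert for some other name passes
    ctx.verify_mode = ssl.CERT_NONE   # no chain building: expiry, issuer, trust anchor never examined
    return ctx


def hardened_client_context():
    """What a client should do: verify the chain to a trusted root and match the hostname."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED       # chain must build to a CA in the default store
    ctx.check_hostname = True                 # leaf cert must match the name we connected to
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_client_context(ctx):
    """Return review findings for a client SSLContext (empty list = nothing obviously wrong)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain verification disabled: expiry and issuer are never checked")
    if not ctx.check_hostname:
        findings.append("hostname check disabled: a certificate for any name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS 1.0/1.1 still negotiable")
    return findings


if __name__ == "__main__":
    print("insecure:", audit_client_context(insecure_client_context()))
    print("hardened:", audit_client_context(hardened_client_context()))
```

Note the order in `insecure_client_context`: `check_hostname` has to be switched off before `verify_mode` drops to `CERT_NONE`, because the standard library refuses a context that checks hostnames without verifying certificates. The Android equivalents to grep for during a review are a `TrustManager` whose `checkServerTrusted` body is empty and a `HostnameVerifier` that unconditionally returns true.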


This I found interesting: http://intelcrawler.com/

"Hacktivism, Illicit Drug trade, Cyber Attacks, Human Trafficking, Money Laundering, and other areas - could have a set of predictive probabilities by analyzing huge volumes of data in virtual space and narrowing the common denominator IPs and other cyber prints."



