DNS Query Forgery: A Client-Side Defense Against Mobile App Traffic Profiling
Andrea Jimenez-Berenguel, César Gil, Carlos Garcia-Rubio, Jordi Forné, Celeste Campo
TL;DR
This work addresses the privacy risk posed by DNS queries revealing mobile user behavior even when traffic is encrypted. It introduces a client-side data-perturbation approach—DNS query forgery—where false queries are mixed with genuine ones to obfuscate user profiles, formalized as $t=(1-\\rho)q+\\rho r$ and evaluated via $\\mathcal{R}(\\rho)=\\mathop{\\mathrm{D}}((1-\\rho)q+\\rho r\\|p)$. Three false-query strategies are analyzed: uniform sampling, a TrackMeNot-inspired generator, and a KL-divergence–minimizing optimizer, with an optimized method achieving substantial privacy gains at moderate overhead. A synthetic dataset of 1,000 users derived from real mobile app traces is used to quantify privacy-utility trade-offs, showing up to 100% privacy improvement for the majority of users at practical perturbation rates. The paper also proposes a modular, client-side architecture enabling practical deployment without third-party trust, highlighting the approach’s adaptability to dynamic DNS environments and its potential as a zero-trust privacy solution for individuals.
Abstract
Mobile applications continuously generate DNS queries that can reveal sensitive user behavioral patterns even when communications are encrypted. This paper presents a privacy enhancement framework based on query forgery to protect users against profiling attempts that leverage these background communications. We first mathematically model user profiles as probability distributions over interest categories derived from mobile application traffic. We then evaluate three query forgery strategies -- uniform sampling, TrackMeNot-based generation, and an optimized approach that minimizes Kullback-Leibler divergence -- to quantify their effectiveness in obfuscating user profiles. Then we create a synthetic dataset comprising 1,000 user traces constructed from real mobile application traffic and we extract the user profiles based on DNS traffic. Our evaluation reveals that a 50\% privacy improvement is achievable with less than 20\% traffic overhead when using our approach, while achieving 100\% privacy protection requires approximately 40-60\% additional traffic. We further propose a modular system architecture for practical implementation of our protection mechanisms on mobile devices. This work offers a client-side privacy solution that operates without third-party trust requirements, empowering individual users to defend against traffic analysis without compromising application functionality.
