DNS Query Forgery: A Client-Side Defense Against Mobile App Traffic Profiling
Mobile applications continuously generate DNS queries that can reveal sensitive user behavioral patterns even when communications are encrypted. This paper presents a privacy enhancement framework based on query forgery to protect users against profiling attempts that leverage these background communications. We first mathematically model user profiles as probability distributions over interest categories derived from mobile application traffic. We then evaluate three query forgery strategies -- uniform sampling, TrackMeNot-based generation, and an optimized approach that minimizes Kullback-Leibler divergence -- to quantify their effectiveness in obfuscating user profiles. Then we create a synthetic dataset comprising 1,000 user traces constructed from real mobile application traffic and we extract the user profiles based on DNS traffic. Our evaluation reveals that a 50\% privacy improvement is achievable with less than 20\% traffic overhead when using our approach, while achieving 100\% privacy protection requires approximately 40-60\% additional traffic. We further propose a modular system architecture for practical implementation of our protection mechanisms on mobile devices. This work offers a client-side privacy solution that operates without third-party trust requirements, empowering individual users to defend against traffic analysis without compromising application functionality.
View on arXiv@article{jimenez-berenguel2025_2505.09374,
title={ DNS Query Forgery: A Client-Side Defense Against Mobile App Traffic Profiling },
author={ Andrea Jimenez-Berenguel and César Gil and Carlos Garcia-Rubio and Jordi Forné and Celeste Campo },
journal={arXiv preprint arXiv:2505.09374},
year={ 2025 }
}