Saved in:
Bibliographic Details
Main Authors: Jimenez-Berenguel, Andrea, Campo, Celeste, Moure-Garrido, Marta, Garcia-Rubio, Carlos, Díaz-Sanchez, Daniel, Almenares, Florina
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.09537
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909782030417920
author Jimenez-Berenguel, Andrea
Campo, Celeste
Moure-Garrido, Marta
Garcia-Rubio, Carlos
Díaz-Sanchez, Daniel
Almenares, Florina
author_facet Jimenez-Berenguel, Andrea
Campo, Celeste
Moure-Garrido, Marta
Garcia-Rubio, Carlos
Díaz-Sanchez, Daniel
Almenares, Florina
contents The rapid evolution of mobile security protocols and limited availability of current datasets constrains research in app traffic analysis. This paper presents PARROT, a reproducible and portable traffic capture system for systematic app traffic collection using Android Virtual Devices. The system provides automated environment setup, configurable Android versions, traffic recording management, and labeled captures extraction with human-in-the-loop app interaction. PARROT integrates mitmproxy for optional traffic decryption with automated SSL/TLS key extraction, supporting flexible capture modes with or without traffic interception. We collected a dataset of 80 apps selected from the MAppGraph dataset list, providing traffic captures with corresponding SSL keys for decryption analysis. Our comparative analysis between the MAppGraph dataset (2021) and our dataset (2025) reveals app traffic pattern evolution across 50 common apps. Key findings include migration from TLSv1.2 to TLSv1.3 protocol, with TLSv1.3 comprising 90.0\% of TCP encrypted traffic in 2025 compared to 6.7\% in 2021. QUIC protocol adoption increased substantially, with all 50 common apps generating QUIC traffic under normal network conditions compared to 30 apps in 2021. DNS communications evolved from predominantly unencrypted Do53 protocol (91.0\% in 2021) to encrypted DoT protocol (81.1\% in 2025). The open-source PARROT system enables reproducible app traffic capture for research community adoption and provides insights into app security protocol evolution.
format Preprint
id arxiv_https___arxiv_org_abs_2509_09537
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle PARROT: Portable Android Reproducible traffic Observation Tool
Jimenez-Berenguel, Andrea
Campo, Celeste
Moure-Garrido, Marta
Garcia-Rubio, Carlos
Díaz-Sanchez, Daniel
Almenares, Florina
Networking and Internet Architecture
The rapid evolution of mobile security protocols and limited availability of current datasets constrains research in app traffic analysis. This paper presents PARROT, a reproducible and portable traffic capture system for systematic app traffic collection using Android Virtual Devices. The system provides automated environment setup, configurable Android versions, traffic recording management, and labeled captures extraction with human-in-the-loop app interaction. PARROT integrates mitmproxy for optional traffic decryption with automated SSL/TLS key extraction, supporting flexible capture modes with or without traffic interception. We collected a dataset of 80 apps selected from the MAppGraph dataset list, providing traffic captures with corresponding SSL keys for decryption analysis. Our comparative analysis between the MAppGraph dataset (2021) and our dataset (2025) reveals app traffic pattern evolution across 50 common apps. Key findings include migration from TLSv1.2 to TLSv1.3 protocol, with TLSv1.3 comprising 90.0\% of TCP encrypted traffic in 2025 compared to 6.7\% in 2021. QUIC protocol adoption increased substantially, with all 50 common apps generating QUIC traffic under normal network conditions compared to 30 apps in 2021. DNS communications evolved from predominantly unencrypted Do53 protocol (91.0\% in 2021) to encrypted DoT protocol (81.1\% in 2025). The open-source PARROT system enables reproducible app traffic capture for research community adoption and provides insights into app security protocol evolution.
title PARROT: Portable Android Reproducible traffic Observation Tool
topic Networking and Internet Architecture
url https://arxiv.org/abs/2509.09537