Encrypted traffic limits payload inspection.
Modern Android traffic is mostly encrypted. MANTA studies what can still be detected from flow metadata without reading message contents.
Bachelor thesis · Metadata-only mobile traffic monitoring
MANTA measures the detection-privacy trade-off in encrypted Android traffic. The project asks whether flow metadata can provide useful anomaly signals while reducing the telemetry exported from the device.
Overall thesis
Modern Android traffic is mostly encrypted. MANTA studies what can still be detected from flow metadata without reading message contents.
The implementation captures local flow windows, scores anomalies, exports privacy-tiered telemetry, and evaluates model utility against privacy leakage.
The thesis compares full and reduced feature views, on-device models, backend models, and observer leakage under reproducible public-corpus experiments.
Architecture
VpnService-based Android capture, local feature windows, consent controls, and on-device anomaly scoring.
Export tiers decide which metadata features leave the device. Payload content is not inspected.
Authenticated ingest, queueing, policy sync, model control, triage, and analyst feedback endpoints.
Public-dataset training, privacy views, leakage benchmarks, calibration, and reproducible evidence exports.
Evaluation snapshot
MANTA reduces exported telemetry and measures the utility loss. It also documents that passive traffic analysis remains a serious limitation, even when payloads are never inspected.