How Private is Android's Private DNS Setting? Identifying Apps by Encrypted DNS Traffic

Abstract: DNS over TLS (DoT) and DNS over HTTPS (DoH) promise to improve privacy and security of DNS by encrypting DNS messages, especially when messages are padded to a uniform size. Firstly, to demonstrate the limitations of recommended padding approaches, we present Segram, a novel app fingerprinting attack that allows adversaries to infer which mobile apps are executed on a device. Secondly, we record traffic traces of 118 Android apps using 10 different DoT/DoH resolvers to study the effectiveness of Segram under different conditions. According to our results, Segram identifies apps with accuracies of up to 72% with padding in a controlled closed world setting. The effectiveness of Segram is comparable with state-of-the-art techniques but Segram requires less computational effort. We release our datasets and code. Thirdly, we study the prevalence of padding among privacy-focused DoT/DoH resolvers, finding that up to 81% of our sample fail to enable padding. Our results suggest that recommended padding approaches are less effective than expected and that resolver operators are not sufficiently aware about this feature.