Determine Causes of Observed Network Activity Discrepancies

Determine the exact causes of the observed discrepancies in network activity among the Android clients of Meta Messenger, Signal, and Telegram under the four controlled scenarios defined in the study (foreground/background with full/restricted permissions), specifically including Messenger’s substantially higher foreground data transmission and Telegram’s elevated foreground data reception under restricted permissions.

Background

The study performs dynamic analysis of three Android messaging apps (Meta Messenger, Signal, and Telegram) using tcpdump and kernel-level tracing (SliceDroid) across four controlled scenarios: foreground with full permissions, background with full permissions, foreground with no permissions, and background with no permissions. Network peers and bytes sent/received (TCP/UDP) are recorded and summarized.

The results reveal notable discrepancies: Messenger exhibits substantially higher foreground network transmission, Telegram shows markedly higher incoming traffic when running in the foreground without permissions, and Signal maintains the smallest overall network footprint. Despite documenting these patterns, the authors explicitly state that the exact causes of this behavior are left for future work, identifying a concrete unresolved question concerning causal attribution of the observed network activity.

References

We leave further investigation on the exact causes of this behavior to future work.

An Empirical Comparison of Security and Privacy Characteristics of Android Messaging Apps  (2603.29668 - Karyotakis et al., 31 Mar 2026) in Subsubsection “Overall Network Activity,” Section 5.2 (Dynamic analysis)