PrivyShield is a research-driven prototype that reveals how your Android apps really behave, i.e., which trackers they contact, how often they talk to remote servers, and whether their permissions match what they actually do, all analysed locally on your device.
What is PrivyShield about?
Modern mobile apps often behave like black boxes. They collect data, contact tracking services and analytics endpoints, and run background processes that users never see. PrivyShield is a project that shines a light on this behaviour without requiring users to sacrifice their own privacy.
Using a local VPN and a set of lightweight on-device machine learning models, PrivyShield:
- Monitors network metadata to see who each app talks to.
- Maps connections to known or suspected trackers and profiling services.
- Compares requested permissions with actual behaviour to flag mismatches.
- Computes an easy-to-understand privacy risk score for each app.
All analysis happens on the device. No raw traffic, hostnames or personal identifiers are sent to our servers. Where global learning is helpful, we rely on federated learning, sending only anonymised model updates rather than user data.
Research goals & expected outcomes
The project explores how far we can go with privacy-preserving analytics on consumer devices:
- Feasible on-device models for traffic and behaviour analysis on low-power phones.
- Federated learning techniques that never require raw user data to leave the device.
- Human-friendly explanations of complex network and permission patterns.
- An open knowledge base of tracker behaviour and risk indicators.
At the end of the project we aim to deliver a robust prototype, publish our methods and findings, and contribute building blocks that can be reused by other privacy tools and research initiatives.
How we handle privacy
PrivyShield is built around a simple principle: your phone should defend your privacy without spying on you in the process. Concretely this means:
- All inspection is limited to metadata (IP addresses, domains, timing), not content.
- All analysis and scoring runs locally on the device.
- No personally identifiable information is collected or stored on our servers.
- Federated learning, where used, shares only model updates with added noise.
The project is committed to transparency: methods, data flows and models will be documented and, where possible, made open for review by the wider community.