Product showcase: PCAPdroid analyzes Android app network activity

PCAPdroid is a free, open-source Android app that allows inspection of network traffic. Installation is straightforward and does not require creating an account. To begin capturing traffic, a VPN request must be accepted, which allows the app to monitor network activity. Once permission is granted, tapping the play button starts PCAPdroid, which then runs in the background until stopped.

Viewing connections

The Connections tab displays active and past connections. For each entry, it shows which app opened the connection, the protocol in use, the destination address, and the current state.

The Apps view provides a breakdown of traffic by application. Selecting an app reveals details such as install date, version, permissions, and other metadata.

Capturing and exporting traffic

PCAPdroid supports multiple dump modes for handling captured traffic. Traffic can be viewed live in the app without saving, or stored locally as a PCAP file. Captures can also be shared through a local web page for download on another computer. For live analysis, traffic may be forwarded to another machine over UDP or TCP.

The app also extracts useful information directly from captured traffic, including DNS requests, TLS server names, HTTP requests, and URLs when available. For common protocols such as HTTP, built-in decoders make it possible to read requests and responses without exporting the data.

TLS decryption

PCAPdroid can attempt to decrypt HTTPS/TLS traffic so encrypted data becomes readable. This feature is enabled in the settings and requires completing a setup process that installs a helper add-on and a certificate on the device. PCAPdroid relies on mitmproxy internally, and specific apps must be selected for decryption. Not all apps support this process, and some actively block it, but when successful, decrypted traffic can be viewed and exported.

PCAPdroid fits well for security-minded users who want visibility into Android network activity.