I am working on a project to detect whether images uploaded by Android applications may leak personal privacy. If I can monitor the plaintext traffic of software uploading images, or monitor the behavior of software uploading images and obtain these images, I could use models like DRAG to try to identify whether the image leaks privacy. Is there anything wrong with my approach?
I've tried using eBPF programs to capture traffic before SSL encryption. If successful, I would be able to identify and monitor the images uploaded by applications. I have set up a Debian virtual machine on an Android phone and hooked the ssl_write system call, but it seems I cannot obtain the plaintext of the traffic before SSL encryption. Are there any other methods? (I am not a native English speaker, and this is my first time asking. If there are any issues, please let me know. Thank you!)