Menu

NPA reference and glossary

This section provides reference information to help EMM and ISV developers integrate their apps with the NPA framework.

NPA data points

The NPA framework supports the observation of network behavior based on the following data flows:

  • uid: user identification number of the application which originated the network flow, such as 10052
  • pid: process identification number of the application which originated the network flow, such as 18484
  • puid: the user identification number of the parent to the application which originated the network flow, such as 0
  • src: the source IP address of the host which originated the network flow, such as 172.16.129.58
  • dst: the IP address of the host that is receiving the network flow, such as 216.58.194.206
  • sport: the source port number from which the network flow originates, such as 33045
  • dprot: the destination port number that is receiving the network flow, such as 443
  • protocol: the transport layer protocol used by the network flow
  • procname: the process name which originates the network flow, such as com.android.vending
  • prochash: the SHA 256 encryption hash of the process which originated the network flow
  • parentprocname: the name of the parent of the process which originated the network flow
  • bsent: the number of Layer 4 bytes sent during the flow
  • start: the start time of the network flow as measured in seconds since the epoch
  • end: the end time of the network flow as measured in seconds since the epoch
  • brecv: the number of Layer 4 bytes received during the flow
  • hostname: the fully qualified domain name of the destination IP address
  • ppid: the process identification number of the parent of the process which originated the network flow, such as 3384
  • dns uid: the user identifiction number of the application which oringiated the DNS request

Glossary of NPA terms

  • Network Platform Analytics (NPA): A framework and API implemented by Samsung to provide data about network traffic involving a managed mobile device. NPA does not provide access to the packet payloads so privacy is never compromised.
  • NPA Framework: Samsung's implementation of NPA on a mobile device which is used by the NPA client and EMM agent to manage data collection.
  • NPA Client: An app on the mobile device which implements NPA API in order to communicate with the NPA framework.
  • EMM Agent: An app installed on the mobile device by an EMM to help manage the device. The EMM agent needs to authorize the NPA client to recieve data points.
  • Profile Registration, Unregistration: The EMM associates (registers) a profile for the mobile device which defines the security and access privileges for the device. The NPA client starts receiving data points after registration. The EMM can also disassociate (unregister) the profile associated with the device, in which case, the NPA client stops receiving data points.
  • Data Points: The set of parameters which are observed by the NPA framework on the managed mobile device. The set is defined in NetworkAnalyticsConstants.DataPoints.
  • Process Hash: A data-point which provides the SHA 256 hash of the application that originated the network flow.
  • DNS_UID: When an app wants to make a DNS request in Android, it often delegates the responsiblity to a root module called netd. netd perfroms the DNS request on behalf of the app. DNS_UID is a NPA data point which provides the requesting app's UID instead of netd's information. The data point is only available for a DNS flow that uses destination port 53.

Example IPv4 data flow

The following example flow is generated through IPv4:

{"uid":"10179","pid":"28921","puid":"0","src":"172.16.129.58",
"dst":"216.58.194.194","sport":"54175","dport":"443","protocol":"17",
"procname":"com.google.android.youtube",
"prochash":"1F80486965C6E085A1D78EDA9A831925F98F1619FC105588414B5F2AD5B07963", "parentprocname":"zygote64","bsent":"5125","start":"1513198077",
"end":"1513198132","brecv":"4862","hostname":"securepubads.g.doubleclick.net",
"ppid":"3383"}

Example IPv6 data flow

The following example flow is generated through IPv6:

{"uid":"10120","pid":"26930","puid":"0",
			"src":"2607:fb90:a4ec:1ada:0000:0015:296c:b801","dst":"2a03:2880:f101:0083:face:b00c:0000:25de",
			"sport":"36240","dport":"443","protocol":"6","procname":"com.facebook.katana",
			"prochash":"2434DAC44C2B73BA4231AAF5AF51159DD47032201293A79C20B0C56D2D86392F",
			"parentprocname":"zygote","bsent":"1901","start":"1513205609","end":"1513205674",
		"brecv":"3779","hostname":"b-graph.facebook.com","ppid":"3384"}

Example IPv4 data flow through a DNS query

The following example flow is generated by an IPv4 DNS query:

{"uid":"0","pid":"3397","puid":"0","src":"172.16.129.58",
			"dst":"8.8.8.8","sport":"13327","dport":"53","protocol":"17",
			"procname":"\/system\/bin\/netd","parentprocname":"\/init","bsent":"38",
			"start":"1513203031","end":"1513203031","brecv":"106",
		"hostname":"8.8.8.8","dnsuid":"10110","ppid":"1"}

Example IPv6 data flow through a DNS query

The following example flow is generated by an IPv6 DNS query:

{"uid":"0","pid":"3397","puid":"0","src":"2607:fb90:a4ec:1ada:0000:0015:296c:b801",
			"dst":"fd00:976a:0000:0000:0000:0000:0000:0009","sport":"15972","dport":"53",
			"protocol":"17","procname":"\/system\/bin\/netd","parentprocname":"\/init",
			"bsent":"36","start":"1513205673","end":"1513205673","brecv":"98",
		"hostname":"fd00:976a:0000:0000:0000:0000:0000:0009","dnsuid":"10052","ppid":"1"}
Share it: