On this page you can find information about the ANTIC experiment.

General Information

Dear reader,

On this page, we would like to inform you about the ANTIC research you have applied to participate in. The experiment will take place from the moment you turn on the ANTIC app and agree to the terms of service. The experiment finishes once you turn off ANTIC or after one month. You are free to turn ANTIC off and on throughout the experiment. In the proposed research, entitled ``Evolutionary intrusion detection of dynamic environments'', network activity of mobile-phone applications is measured. The aim of the research is twofold. The first aim is to establish whether regular applications can be distinguished from malware. The second aim is to observe to what extend applications change due to updates. The research could provide important insights into the way mobile applications produce network traffic and indicate possible alternatives to anti-virus solutions.

In the research, there are a number of important aspects which you should be aware of. First, as this experiment measures network traffic of applications, it is in principle possible to leak personally identifiable information (PII). To minimise the possibility of PII leaks, ANTIC only captures encrypted network traffic and further anonymises this traffic in accordance with the GDPR before any researcher, including us, has access. Moreover, if you feel uncomfortable sharing data of specific applications (such as your banking app) you can at all times pause/stop ANTIC from monitoring traffic for selected applications or pause/stop the experiment as a whole by completely turning off monitoring within ANTIC. Second, in order to measure the network activity of applications ANTIC will act as a VPN server. This means that you will receive a message asking you to allow ANTIC to act as a VPN. During the experiment, you will see a key symbol in the notifications area which you can click on to stop the experiment at all times. Only one VPN can be active at the same time, hence ANTIC will disable other active VPN connections and, vice versa, ANTIC will be disabled when setting up another VPN connection. It is important to stress that ANTIC cannot decrypt traffic, meaning that possible PII leaks are minimised. Third, ANTIC sends its anonymised measurements to our central database. This only happens when you are connected to WiFi, therefore ANTIC itself will not use any data from your dataplan. However, because ANTIC acts as a VPN server, it may look like ANTIC uses a lot of data. This is because many Android versions incorrectly account data of other applications to ANTIC instead of to the actual application producing the traffic. In this case, data usage of other applications will be zero. In addition, all measurements will be encrypted when sent to the server so that nobody but the researchers have access to this data. Fourth, if you would like to verify ANTIC, its source code is open-source and can be requested by sending an email to Finally, you can decide to stop at any point in the course of the experiment without this having any consequences for yourself and without giving any reasons by switching off measurement within ANTIC. In addition, you can still decide at the end of the research and up to 24 hours thereafter, that your data may not be included in the research after all. Other relevant aspects are that your data will be handled in a confidential manner. We do everything in our power to anonymise your data. Should you consent with this research, only an anonymised version of the dataset may be shared with other researchers. Unanonymised datasets will never be shared with third parties.

The experiment lasts for a maximum of one month and you can pause or stop the experiment at any time. It is important to know that most of the subjects participating in similar experiments find it very interesting. You are introduced to a different type of research than usual and you can even watch how much traffic applications on your device produce. At the end of the entire research, you may, if you so wish, be informed about the results obtained by sending an email to

Yours sincerely,

Researcher: Thijs van Ede, Services and Cyber-Security group. Zilverling 2042, Faculty of EEMCS, University of Twente. Tel: +31 6 5093 1245, email:
Supervisor: Dr. Andreas Peter. email:
Supervisor: Prof. Dr. Ir. Maarten van Steen. email:
Please contact Thijs van Ede ( for any questions regarding the experiment.
For queries, complaints or comments about the research, please contact J.M. Strootman - Baas. Tel: +31534896719, email:

Consent Form

Accepting the Terms and Conditions of the ANTIC app implies signing this consent form. You will also see this text in the ANTIC app itself.

I hereby declare that I am an adult and that I have been informed in a manner which is clear to me about the nature and method of the research as described in the aforementioned ANTIC information brochure. My questions have been answered to my satisfaction. I agree of my own free will to participate in this research. I reserve the right to withdraw this consent without the need to give any reason and I am aware that I may withdraw from the experiment at any time. If my research results are to be used in scientific publications or made public in any other manner, then they will be made completely anonymous. My personal data will not be disclosed to third parties without my express permission. If I request further information about the research, now or in the future, I may contact Thijs van Ede, via email ( If you have any complaints about this research, please direct them to the secretary of the Ethics Committee of the Faculty of Electrical Engineering, Mathematics and Computer Science at the University of Twente, J.M. Strootman - Baas, P.O. Box 217, 7500 AE Enschede (NL), telephone: +31534896719; email: Signed by form of tick box in ANTIC application.

University of Twente