To address the privacy threat posed by the difficulty of identifying user identities from encrypted Wi-Fi traffic, this paper proposes U-Print—the first system capable of inferring smartphone user identity solely from over-the-air MAC-layer wireless traffic. Unlike prior work that identifies only application-level behaviors, U-Print jointly models fine-grained user application preferences and interaction sequences, constructing multi-level traffic features and behavioral temporal patterns. It innovatively employs the silhouette coefficient to adaptively estimate the number of users and integrates a lightweight temporal convolutional network with k-means clustering for robust user fingerprinting. Evaluated end-to-end on real-world data collected using a Kali dual-band wireless adapter, U-Print achieves an overall accuracy of 98.4% (F1-score = 0.983). Under closed-set and open-set settings, application and operation recognition rates exceed 96% and 86%, respectively—significantly advancing the state-of-the-art in wireless-side user identification.

Due to the openness of the wireless medium, smartphone users are susceptible to user privacy attacks, where user privacy information is inferred from encrypted Wi-Fi wireless traffic. Existing attacks are limited to recognizing mobile apps and their actions and cannot infer the smartphone user identity, a fundamental part of user privacy. To overcome this limitation, we propose U-Print, a novel attack system that can passively recognize smartphone apps, actions, and users from over-the-air MAC-layer frames. We observe that smartphone users usually prefer different add-on apps and in-app actions, yielding different changing patterns in Wi-Fi traffic. U-Print first extracts multi-level traffic features and exploits customized temporal convolutional networks to recognize smartphone apps and actions, thus producing users'behavior sequences. Then, it leverages the silhouette coefficient method to determine the number of users and applies the k-means clustering to profile and identify smartphone users. We implement U-Print using a laptop with a Kali dual-band wireless network card and evaluate it in three real-world environments. U-Print achieves an overall accuracy of 98.4% and an F1 score of 0.983 for user inference. Moreover, it can correctly recognize up to 96% of apps and actions in the closed world and more than 86% in the open world.