Smartphones can disclose locations through non-location sensors when combined with algorithms and iffy apps, researchers say. And the device doesn’t need to have traditional location services such as GPS and network positioning turned on, or even ask your permission.
The scientists from Northeastern University documented a number of roads and then drove real and simulated routes on them. They found that the phones in use knew where they were, without using the GPS or the other radios traditionally used for location reporting.
“Changing positions, including the angles of turns and the trajectory of curves” derived from sensors, which include the accelerometer, were enough to provide data that gave locations away sometimes, the scientists from Northeastern University claim.
Sensors like the gyroscope and accelerometer are normally installed in phones to judge the orientation of the device. The gyroscope is more fine-tuned and tracks twisting velocity. A magnometer, which was also used in this study, is a compass.
+ Also on Network World: How iOS, Android apps share your data without notifications +
The computer scientists’ experiment, in this case, didn’t simply replicate already-known leaky app-location reporting tests. Those tests, conducted in the past, have discovered that apps such as iffy flashlight ones have simply ignored Android permissions and reported locations surreptitiously.
In this case, though, the scientists say they didn’t need the traditional location sensors, just a dodgy app they wrote themselves, which they claim to be able to get published and made publicly available, the sensors and an algorithm.
"In our research we show that an app, in fact, does not need your GPS or Wi-Fi to track you,” says Northeastern professor Guevara Noubir in an article published on Northeastern University's website.
The team generated their results by producing a graph from the publicly available OpenStreetMap road database. Eleven cities were used to obtain simulated potential routes that the researchers created with an algorithm.
They were able to “output a shortlist of 10 routes containing the traveled route” with more than 50 percent probability, the team’s paper says (PDF).
A second type of test that involved driving 1,000 kilometers along 70 different routes in two Massachusetts cities provided similar location results. The phone's physical movements gave away the locations in many cases.
It's a touchy subject. Most Americans (70 percent) don’t even want mobile network operators to “use their location to tailor ads,” a past survey, unrelated to this one, found.
But pillaging personal data, such as location, which can give away valuable information—your home and workplace—is an increasingly popular pastime. Marketers gain insight from the results, for one thing.
And simple behavior, such as sleep cycles from fitness products or commuting schedules stored by bots, could one day be used to identify people because real-world movements can be so unique. It can be easy to identify someone in a dataset, experts say.
“The performance results of our algorithms, both simulations and experimental, indicate that in most cities a significant number of users are vulnerable to tracking by seemingly innocuous applications that do not request permissions to any sensitive information,” the researchers' paper says.
This article is published as part of the IDG Contributor Network. Want to Join?