Acquired Electronics360

Consumer Electronics

Are Your Android Apps Secretly Tracking Your Location?

11 August 2016

Researchers led by Northeastern University professor Guevara Noubir have discovered that some of your Android apps may automatically be communicating sensitive information, such as your travel routes, through your phone’s built-in sensors.

If you recall, three years ago the Brightest Flashlight app for Android was charged by the Federal Trade Commission for consumer deception since the app was relaying user location and device ID to third parties without letting users know or getting permission to do so.

The new research has revealed that other Android apps can be manipulated to reach inside your mobile phone to track your location and traffic patterns – all without your knowledge or consent.Researchers reveal that some Android apps may automatically transmit information such as travel routes via the phone’s built-in sensors. (Image Credit: Younghee Jang/Northeastern University)Researchers reveal that some Android apps may automatically transmit information such as travel routes via the phone’s built-in sensors. (Image Credit: Younghee Jang/Northeastern University)

How did they discover this? The researchers built their own Android app and tested it. Their system used an algorithm that inserts data from the phone’s sensors into graphs of the world’s roads. They then applied the algorithm to different si­ulated and real road­trips. For each trip, the system generated the five most likely paths taken. Their most recent results found that there was a 50% chance that the actual path traveled was one of the five.

“Our research shows that an Android app does not need your GPS or Wi-Fi to track you. Just using its sensors, we can infer where you live, where you have been, where you are going,” said Noubir.

According to Noubir, this means that for just about $25, anyone can put an app on Google Play and some of them may be malicious since nobody is screening them.

If an Android app wants to access this kind of sensitive information, typically it must let the user know. However, permissions tend to be buried in terms-of-use agreements, which a lot of people don’t read, or skim over quickly.

Android apps can then have access to key sensors inside of the phone that detect the device’s location, movements, and orientation and these sensors can provide clues about routes you travel and even whether or not you keep your phone in your pocket or your purse (think: the phone is stable or it’s swinging).

“In our research we show that an app in fact does not need your GPS or Wi-Fi to track you,” said Noubir. “Just using these sen­sors, which do not require per­mis­sions, we can infer where you live, where you have been, where you are going.”

The researchers conducted two types of tests by simulating drives in 11 cities around the world, which included over 70 different routes. In both tests they collected scores of measurements which came from the phones’ changing positions, including the angles of turns and the trajectory of curves.

Their most current results surpassed their initial ones, which were published in the proceedings of the 2016 IEEE Symposium on Security and Privacy, showing a 50% chance that the actual path traveled was one of 10 generated.

“Inferring a driving pattern from an Android app can lead to much greater invasions of privacy, such as where the user lives and works,” said Noubir. “Adver­saries can recover lots of details through these side channels.”

What can you do?

According to Noubir, for users to protect themselves, they should first be armed with knowledge. Do not download apps that you haven’t looked into or that are unfamiliar, he advises.

In addition, make sure that your apps are not running in the background when you’re not using them and un-install apps that you don’t use often to avoid having them access your sensors for no reason.

To contact the author of this article, email Nicolette.Emmino@ieeeglobalspec.com


Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the Engineering360
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Advertisement
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Advertisement

CALENDAR OF EVENTS

Date Event Location
30 Nov-01 Dec 2017 Helsinki, Finland
23-27 Apr 2018 Oklahoma City, Oklahoma
18-22 Jun 2018 Honolulu, Hawaii
Find Free Electronics Datasheets
Advertisement