Location alert: Mobile apps with location access can expose your personal data - here's how
New Delhi (The Uttam Hindu): Mobile apps that ask for location access can leak important personal information, including your activity, surroundings and even the layout of the room or floor you are on, according to a startling study by researchers at the Indian Institute of Technology (IIT) Delhi on Thursday.
The study, published in the journal ATM Transactions on Sensor Networks, focused on AndroCon—the first system to demonstrate that pre-existing “fine-grained” GPS data can act as a covert sensor for Android apps with precise location permissions.
Without using cameras, microphones, or motion sensors, AndroCon can interpret nine low-level GPS parameters—such as Doppler shift, signal power, and multipath interference—to detect whether someone is sitting, standing, lying down, inside a metro, on a flight, in a park, or in a crowded open space. Researchers led by Soham Nag, an M.Tech student at IIT Delhi's Centre of Excellence in Cyber Systems and Information Assurance, said they can also detect whether a room is crowded or empty.
To transform noisy raw data into clean information, the team combined classical signal processing with modern machine learning. Smriti R. Sarangi, Professor at the Department of Computer Science and Engineering, IIT Delhi, said, “In a year-long study, conducted across 40,000 square kilometers and using many different phones, AndroCon was able to detect the surrounding environment with 99 percent accuracy and human movements with 87 percent accuracy. It was even able to detect small movements like hand movements near the phone.” The same framework can also create indoor floor maps with an error margin of less than 4 meters using only GPS patterns and user trajectories. It can identify rooms, stairs, and elevators.
While AndroCon opens up exciting possibilities for context-aware, privacy-conscious smart services, it also exposes a serious security flaw. The team said that any Android app with precise location permissions could infer sensitive context information without the user's explicit consent. Sarangi added, "This study reveals an overlooked aspect of GPS: a powerful yet quiet channel for sensing the world around us. AndroCon unexpectedly transforms the everyday smartphone into a scientific tool and reminds us that even the most familiar technologies have hidden secrets that can be misused."