Back in November 2017, a team of Engineers from Princeton University created an app called PinME. The app was designed to demonstrate a way to track location information in autonomous cars and other forms of transportation to prevent GPS spoofing attacks. The app they used on a Samsung Galaxy S4 and a bunch of iPhones showed the ability to track a user’s location even if the GPS on the phone is turned off.
I Know Where you Went Last Summer
Most of us feel like we’re off-the-grid if we turned off location in our phone. Think again because the researcher’s have found a way to track you. The method incorporated in the PinME app shows shows that apps can be snooping on your location and travel patterns by reading data with a wealth of sensor and other data from the phone. The application uses machine learning to recognise different modes of travel like walking, driving and flying by gathering data from the phones sensor like speed, direction of travel, delay between movement and altitude.
The information from the phone’s IP address, time zone and the phone’s network status could be used to infer the user’s general location by inferring the last WiFi connection they were on. The data from the accelerometer and compass can tell the app the user’s speed and heading which can help track the user’s travel patterns. Air pressure readings from a barometer sensor can tell the altitude.
By reading this information at a rate of five times per second or less, this data is co-related with along with other sources of information like weather reports, maps and published schedules of airlines and public transport to get a pretty accurate guesstimate where the phone is and the mode of travel.
No Permission Required
Android and Apple devices require apps to ask the user for permission to access the GPS location function. This lets us control which apps know about our location. Unfortunately, the Princeton team has shown that the PinME app which doesn’t require any such permission can track the user’s location and travel patterns.
To read information from sensors doesn’t require any explicit permission on all the popular mobile platforms. This means that you’re not safe from the prying eyes of PinME style apps unless you completely turn off your phone.
PinME has shown us that Google and Android need add options their platforms to allow us to turn off the ability of apps to read sensor data. So until then, we cannot do much to apps from tracking our physical location apart from turning off our smartphones completely.
Sources:
- GPS is off so you can’t be tracked, right? Wrong
- Phones vulnerable to location tracking even when GPS services off
Featured Image Credit: Photo by slon_dot_pics from Pexels