Princeton researchers have developed a proof-of-concept app that can be used to reliably track users even if an app does not access a phone’s GPS data, and the user has purposely turned off GPS services.
Researchers say this is possible because modern phones come with a large number of accurate sensors that track a wealth of data that could be corroborated with external sources —such as elevation maps and weather data— and reconstruct a user’s movements.
Researchers create PinMe app
To prove such an attack was possible, the Princeton research team created an app called PinMe that they installed on the phones of three test subjects, using phones such as Galaxy S4 i9500, iPhone 6, and iPhone 6S.
The app was able to reconstruct the test subjects’ movements without accessing their phone’s GPS data.
For starters, the app collected the user’s IP address and WiFi connection information and checked it against public databases of WiFi networks to determine an approximate location of the users’ phone at regular intervals.
It then used data from gyroscopes, accelerometers, and altitude sensors to track how fast the person was moving, the direction of travel, when the subject stopped, and the current altitude. The app then aggregated all this data and used a pre-trained algorithm to determine the user’s mode of travel, such as walking, driving, train travel, or flying.
PinMe app uses public data to detect user’s location
Once the PinMe app determined the user’s initial location and mode of travel, it used publicly accessible maps to draw a user’s route. For example, PinMe used the OpenStreetMap public…