Most Android smartphone owners probably feel secure knowing that apps must ask permission to access their location. That sense of security is misplaced, say U.S. and Israeli researchers who have figured out how to track smartphone owners based on a mobile device’s battery use alone.
The tracking concept works by measuring the overall power consumption of a phone, but it’s really focusing on the power used by the phone’s cellular radio. Cellular radio power consumption depends upon the distance to the nearest cellular tower and any obstacles between the phone and tower. That combination of factors creates a unique power consumption profile for each geographic location, allowing researchers at Stanford University and the National Research and Simulation Center of Rafael Ltd., an Israeli defense company, to match power consumption with locations. They detailed their work in a paper published on the arXiv preprint server.
"We are approaching the point where the only safe way to use your phone is to pull the battery out—and not all phones let you do that," said Alan Woodward, a computer scientist at Surrey University in the UK, in a BBC News interview.
This might sound like the end of any semblance of privacy, but the new approach does come with severe limitations. Any potential attacker must first know the area or routes that a victim usually travels, so that he or she can learn the power consumption profiles associated with certain locations beforehand. The tracking method also only works as long as the victim is on the move rather than staying in one spot.
Researchers also had to develop algorithms that could screen out the “noise” of other smartphone functions to focus on the cellular radio’s power consumption. That meant learning to ignore power-consuming actions such as launching apps, listening to music, receiving phone calls, and so on. The algorithms used machine learning techniques to home in on the cellular radio’s power consumption signature after measuring a phone’s overall power consumption for several minutes.
Still, the method allows a malicious app to quietly track victims without seeking permission for access to location based on GPS (or the much rougher location approximations based on cellular and WiFi connectivity). The app only needs common permissions for network connectivity and access to the phone’s power data; things unlikely to raise a smartphone user’s suspicions.
The demonstration involved a “PowerSpy” app loaded onto Nexus 4 phones running the Android operating system. But researchers suggested that iPhones running iOS could be vulnerable to similar schemes. Next up, they hope to move beyond their 3G network demonstration and try showing similar results on 4G LTE networks.
PowerSpy is just one of several ways people can use phone data and sensors in unexpected ways to compromise user privacy. Past examples include SurroundSense [pdf], a way to use nearby sound and light to track mobile phones, and the Gyrophone study, which demonstrated how to eavesdrop on conversations and identify individual speakers by using the gyroscopes on smartphones.