Last updated March 1st 2015
Thought your smartphone’s GPS is the only way for others to track your movements…? Think again. An alarming new study shows that information about the geolocation of Android phones can be retrieved simply by tracking your phone’s energy consumption over time – no GPS needed. Creepy? We thought so.
In other words, even if you turn your cellular data off, it is still possible for someone to track you, or spy on your moves, according to a study by researchers at Israeli defense technology company Rafael and Stanford University. The researchers dubbed this alternative positioning system “PowerSpy” and warned about the dangers of carrying a smartphone.
How does it work? Basically, a smartphone needs more power if it’s farther from a cell tower, and less energy when it’s closer to the tower. Collecting and analyzing this information helps researchers – or spies – to determine your location.
The researchers showed that even when the GPS on a phone is turned off, they could track it by collecting and analyzing the phone’s power use over time. Neither Wi-Fi connectivity nor cellular data were needed (as opposed to traditional tracking methods using cell towers). They did so by analyzing two innocuous-seeming files that check the battery’s voltage and current levels – files that are accessed by more than 150 applications in the Google Play Store.
A main cause of battery depletion is radio transmissions to a cell tower in its area. The researchers used the data stored in this cell towers and another study – demonstrating how a mobile phone uses more energy when its signal strength is weaker – to develop a “power profile” for a specific phone model (a Nexus 4) as it moved along a pre-defined route in a city. Overall, the researchers had a 90 percent success rate in tracking the phones; in an area with a greater concentration of cell towers, the rate went down to 78 percent.
Taking their experiment one step further, the researchers tested if PowerSpy could successfully track a smartphone, in real-time, along an unknown path. The algorithms broke up the phone’s power profile on defined roads into smaller segments, and then matched the phone’s real-time power data to string different segment profiles together. On a Nexus 4 running only a few apps, the phone was successfully tracked two-thirds of the time.
However, when PowerSpy was tested on a phone running many applications, its ability to exactly track the phone path went down to 20 percent, suggesting some limitations when phone use is heavy, but “considerably better than a random guess”, the authors of the paper note.
“Effectively devastate the concept of privacy”
“Although currently severely constrained by technological and practical limitations, the eventual potential ability to use what is essentially an unmonitored sensor (i.e., the battery) to avoid outing the software through the Android’s security–minded permissions system creates a real, albeit not novel, privacy concern,” Dov Greenbaum, head of The Zvi Meitar Institute for Legal Implications of Emerging Technologies at Israel’s Interdisciplinary Center, tells NoCamels. “More of a canary in a coalmine, as the Internet of Things (IoT) hurdles towards 50 billion online interconnected devices, apps like PowerSpy serve to highlight how, if wholly unregulated, the IoT will effectively devastate the concept of privacy as we know it.”
This Stanford-Rafael study joins a growing body of network security studies that show how the sensors in our smartphone can furtively be used to compromise our privacy. How can we protect ourselves from unwanted spying? Smartphone owners may add power consumption data to the list of functions that require user permission, and also notify the user of the privacy risks involved.