Location Tracking Using Smartphone Accelerometer and Magnetometer Traces

Khuong An Nguyen
Department of Computer Science, Royal Holloway, University of London
Egham, United Kingdom
Khuong.Nguyen@rhul.ac.uk

Raja Naeem Akram, Konstantinos Markantonakis
ISG-SCC, Royal Holloway, University of London
Egham, United Kingdom
r.n.akram,k.markantonakis@rhul.ac.uk

Zhiyuan Luo, Chris Watkins
Department of Computer Science, Royal Holloway, University of London
Egham, United Kingdom
Zhiyuan.Luo,C.J.Watkins@rhul.ac.uk

ABSTRACT

We demonstrate a breach in smartphone location privacy through the accelerometer and magnetometer’s footprints. The merits or otherwise of explicitly permissioned location sensors are not the point of this paper. Instead, our proposition is that other non-location-sensitive sensors can track users accurately when the users are in motion, as in travelling on public transport, such as trains, buses, and taxis. Through field trials, we provide evidence that high accuracy location tracking can be achieved even via non-location-sensitive sensors for which no access authorisation is required from users on a smartphone.

KEYWORDS

Smartphone, Location Tracking, Privacy, Zero-Permission Apps.

ACM Reference Format:
Khuong An Nguyen, Raja Naeem Akram, Konstantinos Markantonakis, and Zhiyuan Luo, Chris Watkins. 2019. Location Tracking Using Smartphone Accelerometer and Magnetometer Traces. In Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019) (ARES ’19), August 26–29, 2019, Canterbury, United Kingdom. ACM, New York, NY, USA, 9 pages. https://doi.org/10.1145/3339252.3340518

1 INTRODUCTION

With the growing use of smartphones¹ and smartphone Apps, people are no longer just defined by who they are but also by where they are (location) and what activity they are taking part in (social networking/games).
Many of the services provided by feature-rich smartphone Apps require access to your location – to serve your needs better. For example, Strava, a fitness App, revealed the location and staffing of military bases and spy outposts around the world. Strava collects the GPS information about its users’ activities (walking, running and cycling) and charts them on a map, which was made public.

¹ A handset that can host and run applications, with more features than just basic text and voice calls.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
ARES ’19, August 26–29, 2019, Canterbury, United Kingdom
© 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ACM ISBN 978-1-4503-7164-3/19/08...$15.00
https://doi.org/10.1145/3339252.3340518

A study published by AT&T [5] in 2010 showed that 19 out of 20 mobile online social networks shared location information with third parties in a way that enabled easy identification of individual users. Another revelatory example of the current situation on location privacy is “PleaseRobMe”², which aggregated information from Foursquare³ and other location services to identify homes that were empty: through “oversharing” [7] of location information, homeowners revealed that no one was at home. Such an emergent privacy threat is referred to as “Cybercasing” [3, 10].
Two of the major smartphone platforms (Apple iOS and Google Android) have deployed an explicit user opt-in scheme for mobile sensors. In this scheme, a user is asked whether (s)he would permit an application to use a particular sensor. For this scheme, the sensors present in smartphones are categorised into sensors that require permission and sensors that do not. An application that uses only sensors from the latter category (those that do not require permission) is referred to as a permission-less mobile App in this paper. Some prior work (discussed succinctly in Section 2.2) has shown that some of the sensors that do not require permissions can be used to infer the location of a user. In this paper, however, we explore the possibility of tracking a user’s journey over public transport using a permission-less mobile App. The scenario we consider is that of users commuting by train, bus and/or taxi, tracked using only non-location-sensitive sensors.

1.1 Paper’s Contributions

The prime proposition of the paper is that non-location-sensitive sensors used by a permission-less mobile App can accurately (to a high degree of confidence) track the location of users over public transport. In this respect, this paper contributes:

(1) A novel scenario where an adversary may mimic the sensor trace of a victim on a bus, by tailing him in a car behind in busy traffic. Additionally, we examine the data collection for four different sets of scenarios related to public transport, in which both the adversary and the victim are travelling on: a) a train, b) a taxi, c) a bus.

² A website that states on its own pages “Our intention is not, and never has been, to have people burgled”. Website: http://pleaserobme.com
³ A mobile App that provides local search and discovery features about local attractions, best eateries and other facilities, based on user feedback. Since this revelation, they have changed their privacy policies.