A recent investigation conducted by IIT Delhi has unveiled that Android applications equipped with precise location access possess the capability to gather significantly more information than users might anticipate. By delving into low-level GPS signals, the research reveals that these apps can discern whether an individual is indoors or outdoors, identify crowded environments, and even analyze room layouts and user activities—all without the need for the phone’s camera or microphone. This revelation raises important privacy concerns, as any application granted fine-grained location permissions may extract sensitive information without the user’s explicit awareness, as reported by TOI.
What the study found
The researchers meticulously examined subtle variations in GPS data, such as signal strength, noise, and frequency shifts, to gain insights into a user’s environment and behavior. This exploration transcends conventional navigation purposes, tapping into the continuous GPS signals that smartphones receive in the background.
The study, spearheaded by MTech student Soham Nag and Professor Smruti R Sarangi from IIT Delhi’s Centre of Excellence in Cyber Systems and Information Assurance, utilized a system named AndroCon. This innovative framework employs nine low-level GPS parameters, including Doppler shift, multipath interference, and power variations, to detect user activity and contextual information. It can ascertain whether a person is sitting, standing, lying down, walking, traveling on public transport, or situated in a crowded location. Additionally, it can determine if a room is occupied or vacant.
How the system works
The research team ingeniously combined traditional signal processing techniques with machine learning to transform noisy GPS inputs into comprehensive insights. The AndroCon framework is capable of mapping indoor spaces, such as rooms and staircases, with an impressive accuracy margin of less than four meters, relying solely on GPS patterns and movement trajectories.
“Over the course of a year-long study covering 40,000 square kilometers and involving various smartphone models, AndroCon achieved up to 99% accuracy in identifying surroundings and over 87% accuracy in recognizing human activities—even capturing subtle gestures like hand movements near the device,” stated Professor Smruti R Sarangi.
Privacy risk highlighted
While the AndroCon system has the potential to facilitate the development of context-aware applications without resorting to intrusive sensors, the researchers emphasize the accompanying privacy risks. Any Android application with precise location access could potentially harvest contextual data without user consent. “This study reveals an unseen side of GPS—a silent yet powerful sensing channel,” Professor Sarangi remarked. “AndroCon transforms an ordinary smartphone into an unexpectedly precise scientific instrument, serving as a reminder that even familiar technologies can harbor hidden risks when misused.” The findings of this study have been published in the ACM Transactions on Sensor Networks.
