Analysis of location data leakage in the internet traffic of android-based mobile devices

Nir Sivan, Ron Bitton, Asaf Shabtai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Scopus citations

Abstract

In recent years we have witnessed a shift towards personalized, context-based services for mobile devices. A key component of many of these services is the ability to infer the current location and predict the future location of users based on location sensors embedded in the devices. Such knowledge enables service providers to present relevant and timely offers to their users and better manage traffic congestion control, thus increasing customer satisfaction and engagement. However, such services suffer from location data leakage which has become one of today’s most concerning privacy issues for smartphone users. In this paper we focus specifically on location data that is exposed by Android applications via Internet network traffic in plaintext without the user’s awareness. We present an empirical evaluation involving the network traffic of real mobile device users, aimed at: (1) measuring the extent of relevant location data leakage in the Internet traffic of Android-based smartphone devices; (2) understanding the value of this data and the ability to infer users’ points of interests (POIs); and (3) deriving a step-by-step attack aimed at inferring the user’s POIs under realistic, real-world assumptions. This was achieved by analyzing the Internet traffic recorded from the smartphones of a group of 71 participants for an average period of 37 days. We also propose a procedure for mining and filtering location data from raw network traffic and utilize geolocation clustering methods to infer users’ POIs. The key findings of this research center on the extent of this phenomenon in terms of both ubiquity and severity; we found that over 85% of the users’ devices leaked location data, and the exposure rate of users’ POIs, derived from the relatively sparse leakage indicators, is around 61%.

Original languageEnglish
Title of host publicationRAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses
PublisherUSENIX Association
Pages243-260
Number of pages18
ISBN (Electronic)9781939133076
StatePublished - 1 Jan 2019
Event22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019 - Beijing, China
Duration: 23 Sep 201925 Sep 2019

Publication series

NameRAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses

Conference

Conference22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019
Country/TerritoryChina
CityBeijing
Period23/09/1925/09/19

ASJC Scopus subject areas

  • General Computer Science
  • Safety, Risk, Reliability and Quality
  • Law
  • Safety Research

Fingerprint

Dive into the research topics of 'Analysis of location data leakage in the internet traffic of android-based mobile devices'. Together they form a unique fingerprint.

Cite this