PowerSpy: Location Tracking using Mobile Device Power Analysis
This reveals a significant privacy leak for mobile users, as location tracking can occur without user consent or notification, highlighting a vulnerability in current mobile platforms.
The authors tackled the problem of inferring a user's location from aggregate mobile device power consumption data, which requires no permissions, and demonstrated that machine learning algorithms can successfully achieve this inference despite the data's noise.
Modern mobile platforms like Android enable applications to read aggregate power usage on the phone. This information is considered harmless and reading it requires no user permission or notification. We show that by simply reading the phone's aggregate power consumption over a period of a few minutes an application can learn information about the user's location. Aggregate phone power consumption data is extremely noisy due to the multitude of components and applications that simultaneously consume power. Nevertheless, by using machine learning algorithms we are able to successfully infer the phone's location. We discuss several ways in which this privacy leak can be remedied.