Studying location privacy in mobile applications

2009

2009). Studying location privacy in mobile applications: 'predator vs. prey' probes.

GeoInformatica, 2014

Location privacy in mobile, location-aware applications is a prominent research topic spanning across different disciplines and with strong societal implications and expectations. The tumultuous growth of the mobile applications market over the past few years has however hindered the development of a systematic organization and classification of location privacy concepts. In this paper we focus on one of the key concepts, i.e. location privacy metric. We survey existing approaches to the measurement of location privacy and propose a classification framework. The notion of location privacy metric, however, cannot be fully understood without describing the context in which these metrics are used. To that extent we elaborate on the notions of application model and privacy model. The ultimate goal is to contribute to the specification of a conceptual framework for location privacy.

2004

Abstract Location awareness, the ability to determine geographical position, is an emerging technology with both significant benefits and important privacy implications for users of mobile devices such as cell phones and PDAs. Location is determined either internally by a device or externally by systems and networks with which the device interacts, and the resultant location information may be stored, used, and disclosed under various conditions that are described.

2009

Mobile phones are increasingly becoming tools for social interaction. As more phones come equipped with location tracking capabilities, capable of collecting and distributing personal information (including location) of their users, user control of location information and privacy for that matter, has become an important research issue. This research first explores various techniques of user control of location in location-based systems, and proposes the re-conceptualisation of deception (defined here as the deliberate withholding of location information) from information systems security to the field of location privacy. Previous work in this area considers techniques such as anonymisation, encryption, cloaking and blurring, among others. Since mobile devices have become social tools, this thesis takes a different approach by empirically investigating first the likelihood of the use of the proposed technique (deception) in protecting location privacy. We present empirical results (...

Proceedings of the 3rd ACM SIGSPATIAL …, 2010

Security and privacy issues for Location-Based Services (LBS) and geolocation-capable applications often revolve around designing a User Interface (UI) such that users are informed about what an application is doing and have the ability to accept or decline. However, in a world where applications increasingly draw on a wide variety of LBS providers on the back-end, and where more and more applications are using small-screen or even screenless devices, UI-centered views of designing security and privacy are no longer sufficient. In this position paper, we describe the increasingly varied landscape of platforms that users face today and the privacy issues of each. We argue for a service-oriented approach, so that security and privacy issues are described and negotiated in a machine-readable way, and can thus be adapted to new platforms and UIs more easily. While User Experience (UX) is important, we believe it should be derived from a service-oriented view, instead of being designed for each platform individually.

IEEE Systems Journal, 2013

Mobile telephony (e.g., Global System for Mobile Communications [GSM]) is today's most common communication solution. Due to the specific characteristics of mobile communication infrastructure, it can provide real added value to the user and various other parties. Location information and mobility patterns of subscribers contribute not only to emergency planning, general safety, and security, but are also a driving force for new commercial services. However, there is a lack of transparency in today's mobile telephony networks regarding location disclosure. Location information is generated, collected, and processed without being noticed by subscribers. Hence, by exploiting subscriber location information, an individual's privacy is threatened. We develop a utility-based opponent model to formalize the conflict between the additional utility of mobile telephony infrastructure being able to locate subscribers and the individual's privacy. Based on these results, measures were developed to improve an individual's location privacy through a user-controllable GSM software stack. To analyze and evaluate the effects of specific subscriber provider interaction, a dedicated test environment will be presented, using the example of GSM mobile telephony networks. The resulting testbed is based on real-life hardware and opensource software to create a realistic and defined environment that includes all aspects of the air interface in mobile telephony networks and thus, is capable of controlling subscriber-provider interaction in a defined and fully controlled environment.

The field of ubiquitous computing envisages an era when the average consumer owns hundreds or thousands of mobile and embedded computing devices. These devices will perform action based on the context of their users, and therefore ubiquitous system will gather, collate and distribute much more personal information about individuals then computers do today. Location information is a particularly useful form of context in ubiquitous computing, yet its unconditional distribution can be very invasive. This dissertation takes a different approach and argues that many location-aware applications can be function with anonymised location data and that, where this is possible, its use is preferable to that of access control.

Dynamic & mobile GIS: investigating change …, 2006

2011

Abstract Issues in the development of location privacy theory are identified and organized based on both technological considerations and more general privacy theories. Three broad categories containing six issues are described: location (including sensing methods and location properties), privacy (including definition and subject identification), and information flows (from location information acquisition through storage, use, and sharing).

2018 IEEE 29th International Symposium on Software Reliability Engineering (ISSRE), 2018

The development of positioning technologies has digitalized people's mobility traces for the first time in history. GPS sensors resided in people's mobile devices allow smart apps to access location data. This large amount of mobility data can help to build appealing applications. Meanwhile, location privacy has become a major concern. In this paper, we design a general system to assess whether an app is vulnerable to location inference attacks. We utilize a series of automatic testing mechanisms including UI match and API analysis to extract the location information an app provides. According to different characteristics of these apps, we classify them into two categories corresponding to two kinds of attacks, namely attack with distance limitation (AWDL) and attack without distance limitation (AWODL). After evaluating 800 apps, of which 109 passed automated testing, we found that 24.7% of the passing apps are vulnerable to AWDL and 11.0% to AWODL. Moreover, some apps even ...