Washington, Feb 23:
Without using location data, malicious software can track your smartphone simply by measuring the way it uses the power, computer scientists have reported.
Location data is closely guarded by many smartphone users.
That’s why the Android and iOS operating system prevent third party apps from accessing location data without the specific permission of the user.
But it turns out that malware can track you anyway, without this data, MIT Technology Review reported.
“Our approach enables known route identification, real-time tracking, and identification of a new route by only analysing the phone’s power consumption,” said Yan Michalevsky from the Stanford University in California.
The idea is that a smartphone’s power usage depends largely on the distance from the nearest base station.
As a user moves, this distance changes, increasing or decreasing the power needed to communicate with a base station.
Given several different potential routes, the power usage profile should reveal which the user has taken.
To find this out, Michalevsky and his colleagues created an Android app called PowerSpy that measures power usage.
They tested it on a number of Google Nexus 4 devices. In total, they took 43 different power usage profiles on four different routes each about 14 kms long.
They then analysed the power usage profiles to see if they could determine which route had been taken for each. It turned out they could do this with accuracy of 93 percent.
“We showed that applications that read the phone’s ampere meter can gain information about the location of a mobile device without accessing the GPS or any other coarse location indicators,” Michalevsky noted.
So what can be done to prevent this kind of spying?
One option is to prevent apps gaining access to power usage data at all.
Another option is to give apps access to power usage data other than those involved in radio communication.
“We suggest that supplying only measurements of the power consumed by the processors could be a reasonable tradeoff between functionality and privacy,” the authors concluded. IANS