Flying clocks and draining batteries: Two very different methods your phone can use to find your location (Part 2)
This article was written by Asher Gibson, Policy Officer.
Did you know that it’s possible to determine information about your location just by looking at your phone’s battery usage? The good news is that this technique, which researchers from Stanford University and Rafael Advanced Defense Systems have dubbed PowerSpy, only works under specific circumstances.
So how does this work?
The further you are from a base station (the antenna things that give you 4G) and the more obstacles in the way (trees, buildings etc.) the worse your signal will be. The worse your signal is, the more power your phone will use to communicate with it. The cellular radio in your phone is responsible for this, and it is one of the biggest drainers of your battery. The difference in power usage between standing next to one of these towers and being just on the edge of its range is massive. The battery usage data on Android devices is aggregated, meaning that apps can see how much power is being used, but not what specifically is using it. If enough battery data is provided (at least a couple of minutes), then the PowerSpy machine learning algorithm can ignore enough of the ‘noise’ caused by apps and other parts of your phone to isolate the power usage of the cellular radio. It can do this even if you are heavily using your battery by listening to music and chatting with people at the same time. This is possible because there are very few things apart from signal strength that correlate your power usage and your location.
As you walk along a route, your phone’s battery will drain at different rates depending on your signal strength. If geolocation is enabled, a power profile of this route can be made, tracking how much power is being used in different locations. If you walk along a route multiple times, the varying battery usage should be the same because the varying signal strength is the same.
What exactly can PowerSpy do?
Assuming there is an existing power profile of the area.
Say on the weekend you have a bunch of places that you like to travel to – sometimes you go to the park, the movies, the shops, your friend’s place and so on. This algorithm can determine which route you are taking (i.e. where you are going), without using GPS or any other geolocation methods, with up to 85% accuracy.
Real time route tracking
Say you are travelling to work using your normal route that you take most days. After only two minutes of watching your battery usage, PowerSpy can determine your location to within 1 km, 90% of the time.
Identifying new routes
Say instead of going straight home after work, you decide to take a scenic walk by the river before walking through previously untraveled streets to get home, something that you have never done before. PowerSpy can identify up to 45% of the route you took, even though you have never taken it before. It can also identify your final location (i.e. your home) with up to 80% accuracy.
The big limitation of this algorithm is that it requires existing power profiles on the routes you are taking to identify them. But it doesn’t have to be you who is gathering the battery data – the power usage of different phones is similar enough that power profiles collected by other people (researchers, attackers, people who have unknowingly installed an app that does this) can be used to identify your location. In the case of the original PowerSpy paper, the researchers just drove around the California Bay Area while the PowerSpy app was running on their phones.
What does this mean for privacy?
As far as PowerSpy goes, it’s potentially a problem. The only reason an app would use this algorithm is because it works even if a phone’s location tracking services are turned off. PowerSpy is most effective when trying to locate someone who is taking a known route or moving within a known area, and who does not want to be found through more traditional means (GPS). Three groups of people come to mind when thinking about who could use this effectively: law enforcement, criminals, and advertisers.
But it also demonstrates another problem – it can be really hard to decide if information is personal or not. Your location is clearly personal information, and both Apple (iOS) and Android treat it as such. Your phone’s signal strength is less obviously identifying, but both Apple (iOS) and Android err on the side of caution and protect it anyway. Most people would not have guessed that something as benign as aggregated battery usage data can be used to find your location, but it can. The creators of Android reasonably assumed that apps shouldn’t need to ask for permission to view battery data, and because of this, information about individuals’ locations can theoretically be collected and disclosed by any app on an Android device, without your permission or knowledge.
Read the original PowerSpy paper here: https://arxiv.org/abs/1502.03182
You can read Part 1 of this blog post here.