Location Privacy Breach: Apps Are Watching You in Background

Abstract

Smartphone users can conveniently install a set of apps that provide Location Based Service (LBS) from markets. These LBS-based apps facilitate users in many application scenarios, but they raise concerns on the breach of privacy related to location access. Smartphone users can hardly perceive location access, especially when it happens in background. In comparison to location access in foreground, location access in background could result in more serious privacy breach because it can continuously know a user's locations. In this paper, we study the problem of location access in background, and especially perform the first measurement of this background action on the Google app market. Our investigation demonstrates that many popular apps conduct location access in background within short intervals. This enables these apps to collect a user's location trace, from which the important personal information, Points of Interest (PoIs), can be recognized. We further extract a user's movement pattern from the PoIs, and utilize it to measure the extent of privacy breach. The measurement results also show that using the combination of movement pattern related metrics and the other PoI related metrics can help detect the privacy breach in an earlier manner than using either one of them alone.