To most people, privacy is sacred. Even though we open ourselves up to the world on social media sites like Facebook and Twitter, we still have parts of our lives that we deem only for us. Whether those the secrets you hold or the special place you visit, not everything is for worldwide consumption.

Your phone can be an agent of many great things, but most people try to strike a balance between using it as a tool and letting the apps we download invade our privacy. There’s a reason why Google makes Android apps ask to access sensitive parts of your phone like storage, contacts, or GPS. We are the owners of these devices and we have the right to say, “No, you can’t check my location.”

GPS has become such an ingrained part of our culture that many of us don’t even think about it anymore. If you want to go check out a new restaurant but don’t know where it is, search for it in Google Maps. Want to map your running route? There are tons of apps that use GPS to do that. Don’t want to be tracked at all? Just turn GPS off.

But, what if I told you that you could be tracked without using GPS? What if there was a way for an app to narrow down exactly where you are, how fast you’re traveling, and what kind of vehicle you’re in— all without accessing your GPS location or you being aware? That’s pretty scary, right?

How does it work?

This new tracking method comes from researchers at Princeton University. The team was able to create an app and place about 2,000 lines of code in it to detect information from sensors that it doesn’t need special permission to access. These include the accelerometer, magnetometer, and barometer. It also identifies your device’s IP address, time zone, and network status (connected to either mobile data or Wi-Fi).

The trick in accurately tracking a person with this method is finding out what kind of activity they’re performing. Whether they’re walking, driving a car, or riding in a train or airplane, it’s pretty easy to figure out when you know what you’re looking for.

The sensors can determine how fast a person is traveling and what kind of movements they make. Moving at a slow pace in one direction indicates walking. Going a little bit quicker but turning at 90-degree angles means driving. Faster yet, we’re in train or airplane territory. Those are easy to figure out based on speed and air pressure.

After the app determines what you’re doing, it uses the information it collects from the sensors. The accelerometer relays your speed, the magnetometer tells your relation to true north, and the barometer offers up the air pressure around you and compares it to publicly available information. It checks in with The Weather Channel to compare air pressure data from the barometer to determine how far above sea level you are. Google Maps and data offered by the US Geological Survey Maps provide incredibly detailed elevation readings.

Once it has gathered all of this information and determined the mode of transportation you’re currently taking, it can then begin to narrow down where you are. For flights, four algorithms begin to estimate the target’s location and narrows down the possibilities until its error rate hits zero.

If you’re driving, it can be even easier. The app knows the time zone you’re in based on the information your phone has provided to it. It then accesses information from your barometer and magnetometer and compares it to information from publicly available maps and weather reports. After that, it keeps track of the turns you make. With each turn, the possible locations whittle down until it pinpoints exactly where you are.

To demonstrate how accurate it is, researchers did a test run in Philadelphia. It only took 12 turns before the app knew exactly where the car was.

What do we do about it?

There are two questions we should answer: what can you do about it as individual and what can we do to prevent this? As an individual, you need to be careful about what you’re downloading. As we mentioned earlier, there are only about 2,000 lines of code required to track you in this manner. That’s nothing. Simple games and apps can have tens or hundreds of thousands of lines of code in them. Sneaking in 2,000 lines of code would be easy to do and hard to recognize.

Be aware of what you're downloading and who the app is made by

That isn’t to say that you shouldn’t download apps. Don’t get us wrong— we absolutely love apps. But, be aware of what you’re downloading and who the app is made by. Do some research about the apps and the companies behind them if you think something is suspicious.

To prevent this tracking in the future, the researchers behind the method have some suggestions. First off, the apps that want to use these sensors could simply have to request access. We’ve become so accustomed to letting apps do what they wish to with these sensors that we don’t even think about it anymore. Making apps request access would make people more aware of what apps are doing in the background.

The researchers also suggest decreasing the sampling rate used by the sensors when they’re not active. If the sampling rate is reduced below what is required for this kind of tracking, then malicious apps couldn’t gain the information they need without the operating system catching on. The final suggestion is to add hardware switches to phones to deactivate the sensors when not in use. With as obsessed with aesthetics as all Android manufacturers are, we doubt this will ever see the light of day.

Unfortunately, this isn’t the kind of report where we’re bringing you information of a recently patched exploit. This isn’t something that was found, brought to Google’s attention, and then published after it was fixed. This is an ongoing issue, which as far as we know, hasn’t shown up in other apps yet. We’re only getting word of it from a report filed by researchers.

It’s scary to think that we’re helpless to prevent this kind of tracking right now. Even those of us who are extremely careful about what we put on our phones could be susceptible if an app developer for some reason wants to track their users. Right now, the best path forward seems to be pushing Google, Apple, and possibly our elected representatives, to prevent this kind of tracking or make it unlawful to do so.

Read comments