ShiftRoute: Achieving Location Privacy for Map Services on Smartphones

Abstract

Map services, e.g., Google Maps, are gaining popularity for vehicle navigation. However, map service users have to provide sensitive information like precise geographic locations or detailed addresses, which are susceptible to accidental leakage or even data mining in the future. We find existing general-purposed location privacy protection mechanisms (LPPMs) not effective, when applied to map service on smartphones. This paper presents ShiftRoute, a new LPPM specially designed for map services on smartphones. ShiftRoute enables smartphone users to query a route between two endpoints on the map, without revealing any meaningful location information. The basic idea is to strategically shift the endpoints to nearby ones, such that: 1) the semantic meanings encoded in these endpoints (e.g., their addresses) change much , i.e., location privacy is largely protected; 2) the routes returned by map services change little , i.e., service usability is preserved. Specifically, we design a protocol to allow a mobile client to retrieve point of interests (POIs) close to the original endpoints, and an algorithm that selects shifted endpoints from these POIs, that achieves the privacy property of geo-indistinguishability . We implement an application of ShiftRoute on Android, and conduct experiments with real traces from a production map service. Experimental results show that ShiftRoute strikes a good tradeoff between location privacy and service usability.