Abstract
The development of positioning technologies has digitalized people's mobility traces for the first time in history. GPS sensors resided in people's mobile devices allow smart apps to access location data. This large amount of mobility data can help to build appealing applications. Meanwhile, location privacy has become a major concern. In this paper, we design a general system to assess whether an app is vulnerable to location inference attacks. We utilize a series of automatic testing mechanisms including UI match and API analysis to extract the location information an app provides. According to different characteristics of these apps, we classify them into two categories corresponding to two kinds of attacks, namely attack with distance limitation (AWDL) and attack without distance limitation (AWODL). After evaluating 800 apps, of which 109 passed automated testing, we found that 24.7% of the passing apps are vulnerable to AWDL and 11.0% to AWODL. Moreover, some apps even allow us to modify the parameters in http requests which largely increases the scope of the attacks. Our system demonstrates the severity of location privacy leakage to mobile devices and can serve as an auditing tool for future smart apps
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
