A new app has been designed at Stanford University that allows researchers to track Android phones by monitoring battery consumption alone. While a phone can usually be tracked by monitoring the cellular or WiFi network that it is on using GPS, the research team at Stanford has managed to combine clever algorithms with the battery use alone, to create an app that can locate a phone. Remarkably, how it works is actually very simple.
When you make a phone call or run an app, or when an app is running in the background, this all uses up a phone’s battery power. How much power is consumed when connecting to the internet, however, varies depending on how far or close you are to the cellular hub, and is altered by the obstacles between your phone and that point.
By monitoring the phone’s overall usage to get a base reading, the researchers found that they could use mathematical algorithms to factor out ordinary use (or what they refer to as background noise) from the usage involved to connect to the internet signal from a cellular base, which in turn allowed them to triangulate a position for the phone.
In their paper the researchers from Stanford’s computer science department – a Mr Yan Michalevsky, Mr Dan Boneh and Mr Aaron Schulman (who were joined by Gabi Nakibly from the National Research and Simulation Center Rafael Ltd, for the purposes of the research project) explain why the app is so successful,
‘We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement. Intuitively, the reason why all this noise does not mislead our algorithms is that the noise is not correlated with the phone’s location. Therefore, a sufficiently long power measurement (several minutes) enables the learning algorithm to “see” through the noise.’
The research was carried out on phones using the UK’s 3G network, and what is most interesting is how it finds a phone’s location without needing permission to analyze data which we usually associate with determining position- something that the Stanford University researchers also found troubling,
‘The malicious app has neither permission to access the GPS nor other location providers (eg cellular or WiFi network)’… we only assume permission for network connectivity and access to the power data.’
The paper continues by informing us that there are currently 179 apps available on Google Play that request this information, any of which could in theory be using the data to figure out a phone’s location.
‘I think people sometimes forget that smartphones are stuffed full of sensors from gyroscopes and GPS to the more obvious microphones and cameras. This latest work shows that even that basic characteristics (power consumption) has the potential to invade privacy if monitored in the right way,’
Perhaps most interestingly of all he says,
‘We are approaching the point where the only safe way to use your phone is to pull the battery out – and not all phones let you do that.’