research-article

Location Privacy Protection for Smartphone Users

Authors:
Kassem Fawaz

University of Michigan, Ann Arbor, MI, USA

University of Michigan, Ann Arbor, MI, USA
View Profile

,
Kang G. Shin

University of Michigan, Ann Arbor, MI, USA

University of Michigan, Ann Arbor, MI, USA
View Profile

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityNovember 2014Pages 239–250https://doi.org/10.1145/2660267.2660270

Published:03 November 2014Publication History

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 239–250

ABSTRACT

As smartphones are increasingly used to run apps that provide users with location-based services, the users' location privacy has become a major concern. Existing solutions to this concern are deficient in terms of practicality, efficiency, and effectiveness. To address this problem, we design, implement, and evaluate LP-Guardian, a novel and comprehensive framework for location privacy protection for Android smartphone users. LP-Guardian's overcomes the shortcomings of existing approaches by addressing the tracking, profiling, and identification threats while maintaining app functionality. We have implemented and evaluated LP-Guardian's on Android 4.3.1. Our evaluation results show that LP-Guardian's effectively thwarts the privacy threats, without deteriorating the user's experience (less than 10% overhead in delay and energy). Also, LP-Guardian's privacy protection is shown to be achieved at a tolerable loss in app functionality.

References

S. Amini, J. Lindqvist, J. Hong, J. Lin, E. Toch, and N. Sadeh. Caché: Caching location-enhanced content to improve user privacy. In Proceedings of MobiSys '11, pages 197--210, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
M. E. Andrés, N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi. Geo-indistinguishability: Differential privacy for location-based systems. In Proceedings of CCS '13, pages 901--914, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
J. Ball. Angry birds and 'leaky' phone apps targeted by NSA and GCHQ for user data. http://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data, January 2014.Google Scholar
A. Bamis and A. Savvides. Lightweight extraction of frequent spatio-temporal activities from GPS traces. In Proceedings of RTSS '10, pages 281--291. IEEE, December 2010. Google ScholarDigital Library
A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. Mockdroid: Trading privacy for application functionality on smartphones. In Proceedings of HotMobile '11, pages 49--54, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
C. Bettini, X. Wang, and S. Jajodia. Protecting privacy against location-based personal identification. Secure Data Management, pages 185--199, 2005. Google ScholarDigital Library
T. Book, A. Pridgen, and D. S. Wallach. Longitudinal analysis of android ad library permissions. In Mobile Security Technologies (MoST '13), San Francisco, CA, May 2013.Google Scholar
J. Brickell and V. Shmatikov. The cost of privacy: Destruction of data-mining utility in anonymized data publishing. In Proceedings of KDD '08, pages 70--78, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
Y.-A. de Montjoye, C. A. Hidalgo, M. Verleysen, and V. D. Blondel. Unique in the crowd: The privacy bounds of human mobility. Sci. Rep., 3, Mar 2013.Google ScholarCross Ref
W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of OSDI '10, pages 1--6, Berkeley, CA, USA, 2010. USENIX Association. Google ScholarDigital Library
J. Freudiger, M. Manshaei, J.-P. Hubaux, and D. Parkes. Non-cooperative location privacy. IEEE TDSC, 10(2):84--98, March 2013. Google ScholarDigital Library
B. Gedik and L. Liu. Protecting location privacy with personalized k-anonymity: Architecture and algorithms. IEEE TMC, 7(1):1--18, January 2008. Google ScholarDigital Library
P. Golle and K. Partridge. On the anonymity of home/work location pairs. 5538:390--397, 2009. 10.1007/978-3-642-01516-8_26. Google ScholarDigital Library
M. C. González, C. A. Hidalgo, and A.-L. Barabási. Understanding individual human mobility patterns. Nature, 453(7196):779--782, June 2008.Google ScholarCross Ref
M. C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi. Unsafe exposure analysis of mobile in-app advertisements. In Proceedings of WISEC '12, pages 101--112, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
S. Guha, M. Jain, and V. N. Padmanabhan. Koi: A location-privacy platform for smartphone apps. In Proceedings of NSDI'12, pages 14--14, Berkeley, CA, USA, 2012. USENIX Association. Google ScholarDigital Library
B. Hoh, M. Gruteser, H. Xiong, and A. Alrabady. Achieving guaranteed anonymity in gps traces via uncertainty-aware path cloaking. IEEE Transcations on Mobile Computing, 9(8):1089--1107, August 2010. Google ScholarDigital Library
O. Jan, A. J. Horowitz, and Z.-R. Peng. Using global positioning system data to understand variations in path choice. Transportation Research Record: Journal of the Transportation Research Board, 1725(2000):37--44, 2000.Google ScholarCross Ref
J. Krumm. Inference attacks on location tracks. In In Proceedings of the Fifth International Conference on Pervasive Computing (Pervasive), volume 4480 of LNCS, pages 127--143. Springer-Verlag, 2007. Google ScholarDigital Library
J. Krumm. Realistic driving trips for location privacy. In Proceedings of Pervasive '09, pages 25--41, Berlin, Heidelberg, 2009. Springer-Verlag. Google ScholarDigital Library
J. Krumm. A survey of computational location privacy. Personal Ubiquitous Computing, 13(6):391--399, August 2009. Google ScholarDigital Library
B. Livshits and J. Jung. Automatic mediation of privacy-sensitive resource access in smartphone applications. In Proceedings of USENIX Security '13, pages 113--130, Berkeley, CA, USA, 2013. USENIX Association. Google ScholarDigital Library
H. Lu, C. S. Jensen, and M. L. Yiu. PAD: privacy-area aware, dummy-based location privacy in mobile services. In Proceedings of MobiDE '08, pages 16--23, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
J. Meyerowitz and R. R. Choudhury. Realtime location privacy via mobility prediction: Creating confusion at crossroads. In HotMobile, 2009. Google ScholarDigital Library
J. Meyerowitz and R. Roy Choudhury. Hiding stars with fireworks: location privacy through camouflage. In Proceedings of MobiCom '09, pages 345--356, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
K. Micinski, P. Phelps, and J. S. Foster. An Empirical Study of Location Truncation on Android. In Mobile Security Technologies (MoST '13), San Francisco, CA, May 2013.Google Scholar
Microsoft Trustworthy Computing. Location based services and privacy. http://www.microsoft.com/en-us/download/confirmation.aspx?id=3250, January 2011.Google Scholar
A. Nandugudi, A. Maiti, T. Ki, F. Bulut, M. Demirbas, T. Kosar, C. Qiao, S. Y. Ko, and G. Challen. PhoneLab: A large programmable smartphone testbed. In Proceedings of SENSEMINE '13, pages 4:1--4:6, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
B. Palanisamy and L. Liu. Mobimix: Protecting location privacy with mix-zones over road networks. In Proceedings of ICDE '11, pages 494 --505, april 2011. Google ScholarDigital Library
P. Pearce, A. P. Felt, G. Nunez, and D. Wagner. Addroid: Privilege separation for applications and advertisers in android. In Proceedings of ASIACCS '12, pages 71--72, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
PlaceMask. Placemask location privacy, May 2014.Google Scholar
K. Puttaswamy, S. Wang, T. Steinbauer, D. Agrawal, A. El Abbadi, C. Kruegel, and B. Zhao. Preserving location privacy in geosocial applications. IEEE TMC, 13(1):159--173, Jan 2014. Google ScholarDigital Library
rovo89. Xposed module repository, May 2014.Google Scholar
C. Shepard, A. Rahmati, C. Tossell, L. Zhong, and P. Kortum. Livelab: Measuring wireless networks and smartphone users in the field. In HotMetrics, 2010. Google ScholarDigital Library
K. Shin, X. Ju, Z. Chen, and X. Hu. Privacy protection for users of location-based services. Wireless Communications, IEEE, 19(1):30 --39, february 2012.Google ScholarCross Ref
R. Shokri, G. Theodorakopoulos, G. Danezis, J.-P. Hubaux, and J.-Y. Le Boudec. Quantifying location privacy: the case of sporadic location exposure. In Proceedings of PETS '11, pages 57--76, Berlin, Heidelberg, 2011. Springer-Verlag. Google ScholarDigital Library
R. Shokri, G. Theodorakopoulos, J. Le Boudec, and J. Hubaux. Quantifying location privacy. In IEEE Symposium on Security and Privacy (SP),2011, pages 247 --262, May 2011. Google ScholarDigital Library
R. Stevens, C. Gibler, J. Crussell, J. Erickson, and H. Chen. Investigating user privacy in android ad libraries. In Mobile Security Technologies (MoST '12), May 2012.Google Scholar
U.S. Census Bureau. US Census Bureau 2010 Census Interactive Population Map. http://www.census.gov/2010census/popmap/, 2014.Google Scholar
N. Vratonjic, K. Huguenin, V. Bindschaedler, and J.-P. Hubaux. How others compromise your location privacy: The case of shared public ips at hotspots. In E. Cristofaro and M. Wright, editors, Privacy Enhancing Technologies, volume 7981 of Lecture Notes in Computer Science, pages 123--142. Springer Berlin Heidelberg, 2013.Google Scholar
R. Xu, H. Saïdi, and R. Anderson. Aurasium: Practical policy enforcement for android applications. In Proceedings of USENIX Security '12, pages 27--27, Berkeley, CA, USA, 2012. USENIX Association. Google ScholarDigital Library
T.-H. You, W.-C. Peng, and W.-C. Lee. Protecting moving trajectories with dummies. In Mobile Data Management, 2007 International Conference on, pages 278 --282, may 2007. Google ScholarDigital Library
H. Zang and J. Bolot. Anonymization of location data does not work: a large-scale measurement study. In Proceedings of MobiCom '11, pages 145--156, New York, NY, USA, 2011. ACM. Google ScholarDigital Library

Index Terms

Location Privacy Protection for Smartphone Users
1. Security and privacy
  1. Human and societal aspects of security and privacy
  2. Network security
2. Social and professional topics
  1. Computing / technology policy
    1. Privacy policies

Recommendations

Feeling-based location privacy protection for location-based services
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Anonymous location information may be correlated with restricted spaces such as home and office for subject re-identification. This makes it a great challenge to provide location privacy protection for users of location-based services. Existing work ...
Read More
Preserving location privacy without exact locations in mobile services

Privacy preservation has recently received considerable attention in location-based services (LBSs). A large number of location cloaking algorithms have been proposed for protecting the location privacy of mobile users. However, most existing cloaking ...
Read More
An Adaptive Learning Model for k-Anonymity Location Privacy Protection
COMPSAC '15: Proceedings of the 2015 IEEE 39th Annual Computer Software and Applications Conference - Volume 03

Location based services (LBS) and the recent awareness towards their privacy threats have kindled the research in providing state of the art approaches and techniques to preserve the user location privacy. Most of these approaches make use of the k-...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN:9781450329576
DOI:10.1145/2660267
General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 November 2014
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
android
anonymity
indistinguishability
location privacy
location-based services
Qualifiers
- research-article
Conference
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 118
  Total Citations
  View Citations
- 2,363
  Total Downloads
- Downloads (Last 12 months)82
- Downloads (Last 6 weeks)12
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Location Privacy Protection for Smartphone Users

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Feeling-based location privacy protection for location-based services

Preserving location privacy without exact locations in mobile services

An Adaptive Learning Model for k-Anonymity Location Privacy Protection