When I started working on understanding social systems, privacy really wasn’t on my mind. (I generally want to write down equations, understand the universe and all that). But one of the central realizations arising from our SensibleDTU experiment is that privacy needs to be an important part of this kind of research. I’ve written about this at length elsewhere. One of the things we noticed while digging into terabytes of social data is that data-channels are highly correlated. Information “bleeds through” … something which has serious implications for privacy. Case in point: My group has just released a new preprint (get it here) that shows how the WiFi information routinely collected by your smartphone can easily be converted to precise information about your location. WiFi routers reveal where you live, work, and spend your leisure time. While your phone may have told you that WiFi helps “improve location accuracy”, it may come as a surprise that
- A majority of apps in the store have access to the list of routers around you (scanned every 20 seconds).
- Your Android smartphone by default scans for WiFi routers even if you disable WiFi.
Our research shows
- How to easily convert WiFi information into geographical position.
- That although it sounds like all WiFi scans might be a lot of data to process, your mobility can be described using just a few access points. And we have built an Android app which only requires WiFi data to illustrate how this works for your own mobility: Download here.
- That if someone knows these routers at some point in time, they will still know a lot about your mobility six months later.
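To make the "just a few access points" point concrete, here is an added example (not code from the preprint or from our app) that audits a scan log by greedily picking the routers that account for most time bins, then checks how well those routers still describe a later day. The greedy heuristic, the AP labels and the sample data are assumptions constructed for this illustration.

```python
from collections import defaultdict

def sample_day(later=False):
    """Constructed data: 24 hourly scans as (hour, set of AP labels).
    Labels stand in for BSSIDs; `later` swaps every AP except two stable ones."""
    tag = "-new" if later else ""
    scans = []
    for h in range(24):
        if h < 8 or h >= 18:                  # at home
            aps = {"home-router", "neighbour-1" + tag}
            if h % 2:
                aps.add("neighbour-2" + tag)
        elif 9 <= h < 17:                     # at work
            aps = {"office-1", "office-2" + tag}
        else:                                 # commuting: routers seen only once
            aps = {f"street-{h}{tag}"}
        scans.append((h, aps))
    return scans

def coverage(scans, chosen):
    """Fraction of scans in which at least one chosen AP was visible."""
    chosen = set(chosen)
    return sum(1 for _, aps in scans if aps & chosen) / len(scans)

def greedy_cover(scans, target=0.9):
    """Pick APs, largest gain first, until `target` of the time bins are covered."""
    bins_by_ap = defaultdict(set)
    for t, aps in scans:
        for ap in aps:
            bins_by_ap[ap].add(t)
    total = len({t for t, _ in scans})
    covered, chosen = set(), []
    while len(covered) < target * total:
        # sorted() makes tie-breaking deterministic
        ap = max(sorted(bins_by_ap), key=lambda a: len(bins_by_ap[a] - covered))
        gain = bins_by_ap[ap] - covered
        if not gain:                          # nothing left to gain (e.g. empty scans)
            break
        chosen.append(ap)
        covered |= gain
    return chosen

if __name__ == "__main__":
    few = greedy_cover(sample_day())
    print(few, coverage(sample_day(), few), coverage(sample_day(later=True), few))
```

Running it on your own scan log shows how small the set of revealing routers is, which is the set an app should not be able to read without the location permission.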
Thus, while WiFi networks are intended for enabling connectivity, they are also a de facto location tracking infrastructure. More generally, our world is becoming more enclosed in a web of infrastructures supporting communication, mobility, payments, and advertising. Logs from mobile phone networks (call detail records, CDRs) constitute a global database of human mobility and communication networks. Credit card records form high-resolution traces of our spending behaviors.
Update June 3rd, 2015 (maybe-our-paper-played-a-role-in-this edition)
Yesterday, while scouring Google I/O for details on the updated permissions (and to see if anyone mentioned our work), we found that a Google engineer (Ben Poiesz) was asked about the issue of WiFi tracking during the session discussing the new permission model. The session took place on May 29th – the clip is here:
In the video, the friendly Google engineer notes that – under the new system – apps without the location permission will no longer be able to see the MAC addresses of WiFi and Bluetooth devices around … because that’s equivalent to location.
No one is claiming (least of all us) that our work caused the change, but we would like to point out a couple of things about the way Google chose to announce it, which might indicate that the choice of fixing WiFi is a recent decision on Google’s part:
- The published source code [find it here] (lines 99-114) and documentation [find it here] do not yet indicate that WiFi information is to be treated as location.
- When you install the current Android M beta on your phone, our “WiFi Watchdog” app still works … and WiFi is not treated as location. And a technical point: This is not just because of the “legacy mode” – according to the same presentation (https://youtu.be/f17qe9vZ8RM?t=13m): “WiFi Watchdog” should just receive empty data on Android M, but instead it continues to receive the same data as on Lollipop.
- The announcement of this arguably major change (80% of apps on the market would potentially be affected) was not a part of the main presentation … but an answer during the Q&A session.
Now, it is probably just a coincidence, and maybe a fix for the WiFi permissions has been in the works for months. But it’s quite striking that Google decided to fix WiFi permissions 7 years after the existing scheme was introduced (and just days after we published our paper).