The sensor that lets your phone know which way the screen is oriented also—thanks to minute manufacturing variations—emits a unique data “fingerprint” that could allow your phone to be tracked, even if all other privacy settings are locked down, researchers say.
In addition to governing basic things like screen orientation, accelerometer data is widely used by apps such as pedometers and mobile games. Meanwhile, many apps often rely on advertising, which has led advertisers to search for ways to track users and their Web habits.
Even if you don’t allow apps to see your personal data or location, just the raw movements of the phone—which can be measured without permission—can betray the phone’s unique identity and track it over time, says Romit Roy Choudhury, an associate professor at the University of Illinois who cowrote a paper with colleagues at the University of South Carolina that describes the phenomenon. “There has been a lot of work to catch the leakage of ID information from phones,” he says. “We are now saying that accelerometer data going out of the phone can be treated as an ID.”
Accelerometers use a technology called micro-electro-mechanical systems, or MEMS. In the case of an accelerometer, tiny bars of metal move between other metal bars in response to motion, changing electrical capacitance and indicating 3-D movement. Using this information, a smartphone can determine a change in screen orientation, or translate physical movements to a character in a game.
But the underlying data varies minutely from accelerometer to accelerometer, the researchers found. After testing 80 accelerometer chips—plus 25 Android phones and two tablets that used accelerometers—the researchers could pick out the fingerprint with 96 percent accuracy.
Janne Lindqvist, a mobile security researcher at the Winlab at Rutgers University, says the work is novel and important. “Accelerometers still do not require ‘permissions’ to be enabled,” he says. “So they can be used stealthily. I think this is great work, and points out yet another reason why smartphones shouldn’t allow easy access to accelerometer data.”
Indeed, earlier research had shown that accelerometer data can also be used to infer passwords based on the taps people make on their phones.
No regulations or industry practices mandate that users must give affirmative permission before an app can access accelerometer motion data (in contrast, people must give permission before giving their precise location data from GPS chips).
Choudhury said his team was working on ways to add noise to the accelerometer data in a way that obscures the fingerprint, while still making the basic position data accurate. “We believe that some of this can be done for most of the applications, except the ones that you need very precise details,” he says.
Other sensors in smartphones—such as gyroscopes, magnetometers, and microphones—might also have similar electronic fingerprints. “Collection of such fingerprints from other sensors could allow a device to be tracked anywhere and for long periods,” Choudhury says.
This new data poisoning tool lets artists fight back against generative AI
The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models.
Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist
An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.
Data analytics reveal real business value
Sophisticated analytics tools mine insights from data, optimizing operational processes across the enterprise.
The Biggest Questions: What is death?
New neuroscience is challenging our understanding of the dying process—bringing opportunities for the living.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.