Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Connectivity

Now Your Phone’s Tilt Sensor Can Identify You

Tiny hardware imperfections in smartphone and tablet accelerometers lead to unique “fingerprints” within the data they produce, researchers find.

All smartphones contain accelerometers, and apps get free use of that information for applications ranging from games to pedometers.

The sensor that lets your phone know which way the screen is oriented also—thanks to minute manufacturing variations—emits a unique data “fingerprint” that could allow your phone to be tracked, even if all other privacy settings are locked down, researchers say.

Unique imperfections: A micrograph of a MEMS accelerometer.

In addition to governing basic things like screen orientation, accelerometer data is widely used by apps such as pedometers and mobile games. Meanwhile, many apps often rely on advertising, which has led advertisers to search for ways to track users and their Web habits.

Even if you don’t allow apps to see your personal data or location, just the raw movements of the phone—which can be measured without permission—can betray the phone’s unique identity and track it over time, says Romit Roy Choudhury, an associate professor at the University of Illinois who cowrote a paper with colleagues at the University of South Carolina that describes the phenomenon. “There has been a lot of work to catch the leakage of ID information from phones,” he says. “We are now saying that accelerometer data going out of the phone can be treated as an ID.”

Accelerometers use a technology called micro-electro-mechanical systems, or MEMS. In the case of an accelerometer, tiny bars of metal move between other metal bars in response to motion, changing electrical capacitance and indicating 3-D movement. Using this information, a smartphone can determine a change in screen orientation, or translate physical movements to a character in a game.

But the underlying data varies minutely from accelerometer to accelerometer, the researchers found. After testing 80 accelerometer chips—plus 25 Android phones and two tablets that used accelerometers—the researchers could pick out the fingerprint with 96 percent accuracy.

Janne Lindqvist, a mobile security researcher at the Winlab at Rutgers University, says the work is novel and important. “Accelerometers still do not require ‘permissions’ to be enabled,” he says. “So they can be used stealthily. I think this is great work, and points out yet another reason why smartphones shouldn’t allow easy access to accelerometer data.”

Indeed, earlier research had shown that accelerometer data can also be used to infer passwords based on the taps people make on their phones.

No regulations or industry practices mandate that users must give affirmative permission before an app can access accelerometer motion data (in contrast, people must give permission before giving their precise location data from GPS chips).

Choudhury said his team was working on ways to add noise to the accelerometer data in a way that obscures the fingerprint, while still making the basic position data accurate. “We believe that some of this can be done for most of the applications, except the ones that you need very precise details,” he says.

Other sensors in smartphones—such as gyroscopes, magnetometers, and microphones—might also have similar electronic fingerprints. “Collection of such fingerprints from other sensors could allow a device to be tracked anywhere and for long periods,” Choudhury says.

Meet the Experts in AI, Robotics and the Economy at EmTech Next.

Learn more and register
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.