DaRoute: Inferring trajectories from zero-permission smartphone sensors

Nowadays, smartphones are equipped with a multitude of sensors, including GPS, that enables location-based services. However, leakage or misuse of user locations poses a severe privacy threat, motivating operating systems to usually restrict direct access to these resources for applications. Nevertheless, this work demonstrates how an adversary can deduce sensitive location information by inferring a vehicle's trajectory through inbuilt motion sensors collectible by zero-permission mobile apps. Therefore, the presented attack incorporates data from the accelerometer, the gyroscope, and the magnetometer. We then extract so-called path events from raw data to eventually match them against reference data from OpenStreetMap. At the example of real-world data from three different cities, several drivers, and different smartphones, we show that our approach can infer traveled routes with high accuracy within minutes while robust to sensor errors. Our experiments show that even for areas as large as approximately 4500 km(2), the accuracy of detecting the correct route is as high as 87.14%, significantly outperforming similar approaches from Narain et al. and Waltereit et al.