Exploiting Proximity-Based Mobile Apps for Large-Scale Location Privacy Probing

Shuang Zhao, Xiapu Luo, Xiaobo MA, Bo Bai, Yankang Zhao, Wei Zou, Zeming Yang, Man Ho Allen Au, Xinliang Qiu

Research output: Journal article publicationJournal articleAcademic researchpeer-review

Abstract

Proximity-based apps have been changing the way people interact with each other in the physical world. To help people extend their social networks, proximity-based nearby-stranger (NS) apps that encourage people to make friends with nearby strangers have gained popularity recently. As another typical type of proximity-based apps, some ridesharing (RS) apps allowing drivers to search nearby passengers and get their ridesharing requests also become popular due to their contribution to economy and emission reduction. In this paper, we concentrate on the location privacy of proximity-based mobile apps. By analyzing the communication mechanism, we find that many apps of this type are vulnerable to large-scale location spoofing attack (LLSA). We accordingly propose three approaches to performing LLSA. To evaluate the threat of LLSA posed to proximity-based mobile apps, we perform real-world case studies against an NS app named Weibo and an RS app called Didi. The results show that our approaches can effectively and automatically collect a huge volume of users’ locations or travel records, thereby demonstrating the severity of LLSA. We apply the LLSA approaches against nine popular proximity-based apps with millions of installations to evaluate the defense strength. We finally suggest possible countermeasures for the proposed attacks.
Original languageEnglish
Pages (from-to)1-22
JournalSecurity and Communication Networks
DOIs
Publication statusPublished - 14 Feb 2018

Fingerprint

Dive into the research topics of 'Exploiting Proximity-Based Mobile Apps for Large-Scale Location Privacy Probing'. Together they form a unique fingerprint.

Cite this