Smartphone sensor "fingerprints" could be used to track individual devices


April 29, 2014

The tiny imperfections in each smartphone's sensors leave a unique fingerprint in its shared data (Image: Shutterstock)

The tiny imperfections in each smartphone's sensors leave a unique fingerprint in its shared data (Image: Shutterstock)

Image Gallery (3 images)

Security-conscious smartphone users may decline apps' requests to "use your current location," but according to research conducted at the University of Illinois, doing so still doesn't mean that those users can't be tracked. This is because each phone's sensors – such as the accelerometer – have a unique "fingerprint." By identifying that fingerprint in sensor data sent from the phone, third parties could at the very least keep track of what the user is doing at what time.

As described by the university, smartphone sensors are sort of like sugar cookies made with the same dinosaur-shaped cookie cutter. Although all of the cookies may look like the same dinosaur on first glance, each one is going to have its own tiny unique imperfections. In the case of the sensors, those imperfections leave the one-of-a-kind fingerprint in the gathered data. Although that fingerprint isn't readily apparent to casual users of the data, it can be found by people who are looking for it.

The researchers arrived at their conclusion by testing 80 standalone accelerometer chips, along with the accelerometers in 25 Android phones and two tablets. They used a vibrator motor like those found in most smartphones, to vibrate all of the accelerometers. By analyzing the resulting accelerometer readings, a fingerprint was established for each unit. When those fingerprints were sought out in subsequent readings, it was possible to identify the originating device with 96 percent accuracy.

The researchers' accelerometer-testing setup

This means that conceivably, attackers could access a phone's accelerometer fingerprint simply through app functions that activate its vibrator. Even if the accelerometer were taken out of the equation, other sensors such as the camera, microphone or gyroscope likely also bear their own fingerprints. According to the researchers, by combining all of those identifiers, it would be possible to track a user with even greater accuracy.

Although actual GPS data couldn't necessarily be accessed, a user's approximate whereabouts could likely be obtained based on the sort of apps that they were identified as using – a navigation app would indicate that they were in transit, for instance, while a fitness app might suggest that they were at the gym. None of this would be a problem if raw sensor data were processed onboard the phone, with only basic information being shared. Unfortunately, however, doing so would place a large workload on the processor, and diminish the battery life.

The research was conducted by associate professor Romit Roy Choudhury and graduate students Sanorita Dey and Nirupam Roy. No particular solution has been put forth at this point, other than the suggestion that users not share sensor data with an app before considering how legitimate or secure it is.

Source: University of Illinois

About the Author
Ben Coxworth An experienced freelance writer, videographer and television producer, Ben's interest in all forms of innovation is particularly fanatical when it comes to human-powered transportation, film-making gear, environmentally-friendly technologies and anything that's designed to go underwater. He lives in Edmonton, Alberta, where he spends a lot of time going over the handlebars of his mountain bike, hanging out in off-leash parks, and wishing the Pacific Ocean wasn't so far away. All articles by Ben Coxworth

I guess on some level you have to create a list of your phone's desirable functions and consider what you can do without.

My biggest concern in this space is if a photo/video app anonymously collects and forwards thumbnail size copies of the images I take. A lot of people take family pics which they never intent to place on any online space. To this end any app that requests access to my photo library gets its internet link cut off.


Nice to have fingerprint to allow acess, dont like it to have someone track me & device around Unless I have VIP Exec Security etc alone Otherwise Invasion of Privacy.

Stephen Russell
Post a Comment

Login with your Gizmag account:

Related Articles
Looking for something? Search our articles