Security Watch

Keeping Track of patches and hacks in the IT security world.

Your Phone Is Tracking You--Should You Care?

New research shows how phone sensors might be used to track individual users, but in a world where IP addresses, geo-location and cookies already track us, should anyone be surprised?

mobile phone

There was an interesting story this week on SFGate about some new Stanford University research into how sensors on smartphones could be used for tracking people.

To make a long story short, the researchers found that every smartphone that has an accelerometer movement sensor has a unique digital fingerprint. That is, through careful analysis, subtle differences in sensors from different phones can help identify a specific phone or user. The concern is that, unlike other forms of tracking, this is one that a user could not opt out of or shut down.

It's a valid concern, but not one that worries me (much).

On Web browsers today, the use of small pieces of code for tracking information (known as cookies) is widespread. It's how the Internet works. Yes, I know there are efforts including "Do Not Track" to limit the risk from cookies, and users can also shut them down inside some browsers as well.

Every mobile device also has an IP address that can also sometimes be used to geo-locate a given user. Again, I know that IP addresses can be protected and hidden by way of services such as Tor or even just using a basic Proxy connection.

Mobile-device users also have a phone number, identified by the Subscriber Identity Module (SIM) card that all smartphones have. The SIM identifies the user to the carrier, and it plays a role in helping cell towers find users so that calls can be connected.

You see, by definition, a mobile phone is a tracked device. It has to be, because that's how a good deal of the phone's functionally works. Sure, users can hide behind different services and try to obfuscate their location, but location awareness is a feature for mobile devices.

The Stanford Research is noteworthy, though, because it serves as a reminder that seemingly innocuous differences can be used to identify things and people. In the security world, it is a generic, nonspecific platform with no unique characteristics or identifiers that is perhaps the most secure. The device that is exactly the same as thousands or millions of other devices is indistinguishable.

While it might not always be the case, being able to blend in with the masses, just might be the real key to mobile privacy.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.