How much personal information can our phone apps gather through location tracking? To answer this question, two researchers – Mirco Musolesi (University of Bologna, Italy) and Benjamin Baron (University College London, UK) – carried out a field study using an app specifically developed for this research.
Through the app employed in the study researchers were able to identify which kind of personal information the app extracted and its privacy sensitivity according to users.
“Users are largely unaware of the privacy implications of some permissions they grant to apps and services, in particular when it comes to location tracking information”, explains Musolesi.
“Thanks to machine learning techniques, these data provide sensitive information such as the place where users live, their habits, interests, demographics, and information about users’ personalities”.
A violation of the users’ privacy
This is the first extensive study shedding light on the range of personal information that can be inferred from location tracking data. Consequently, the study also shows how collecting such information can represent a violation of the users’ privacy. To this end, the researchers developed a mobile application – TrackingAdvisor – that continuously collects user location.
From the location data, the app can extract personal information and asks users to give feedback on the correctness of such information as well as to rate its relevance in terms of privacy sensitivity.
69 users participated in the study and used TrackAdvisor for at least two weeks. TrackAdvisor tracked more than 200,000 locations, identifying approximately 2,500 places and collecting almost 5,000 pieces of personal information concerning both demographics and personality. Among the data gathered, the users find that the most sensitive pieces of information were the ones about health, socio-economic situation, ethnicity, and religion.
“We think it is important to show users the amount and quality of information that apps can collect through location tracking”, continues Musolesi. “Equally important for us is to understand whether users think that sharing information with app managers or marketing firms is acceptable or deem it a violation of their privacy”.
Designing targeted advertising systems to protect users’ privacy
According to the researchers, analyses like this pave the way to designing targeted advertising systems that help users protect their privacy, especially with the data they deem more sensitive.
“Thanks to such systems, users interested – for example – in protecting information about their own health could receive a notification each time they go to a health clinic or hospital”, confirms Musolesi.
“But there is more. This could also lead to the development of systems that can automatically block the collection of sensitive data from third parties thanks to previously defined privacy settings”.