Unmasking Using Accelerometer Signatures

You are commuting to work by bus. While sitting on the bus, you open your favorite social app. Even though it is your favorite app, you don’t trust it enough to share your location with it. At the next stop, a passenger gets on the bus. The passenger sits down and opens the same social app, but shares their precise location with it. Now, if this social app is reading accelerometer data on your phone as well as on the passenger’s phone, it can easily figure out that both phones experience the same vibration pattern. Indeed, both phones are going to record the same vibrations, e.g. when the bus takes off, stops, and swerves left or right. The app now knows that you and the passenger are together in the same environment, and hence in the same location. Don’t be surprised if you receive a recommendation from the app to add this passenger as a friend.

https://www.mysk.blog/2021/10/24/accelerometer-ios/
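To make the "same vibration pattern" point concrete, here is an added example (not code from the linked article) that correlates constructed accelerometer traces. The manoeuvre levels, noise level, sample counts and clock offset are all assumptions chosen for illustration.

```python
import math
import random

# Constructed manoeuvre levels (m/s^2), one per 40 samples; not measured data.
BUS_A = [0.0, 1.8, 0.2, -2.0, 0.0, 1.5, -0.5, -1.9, 0.3, 1.2, -0.8]
BUS_B = [1.0, -0.5, -1.5, 0.5, 2.0, -1.0, 0.0, 1.5, -2.0, 0.5, 0.7]

def phone_trace(levels, seed, offset=0, n=400, noise=0.3):
    """One phone's recording: vehicle motion from `offset` on, plus per-phone noise."""
    rng = random.Random(seed)
    vehicle = [lvl for lvl in levels for _ in range(40)]
    return [vehicle[i + offset] + rng.gauss(0, noise) for i in range(n)]

def pearson(x, y):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0

def best_match(a, b, max_lag=25):
    """Highest correlation over clock lags in [-max_lag, max_lag] as (score, lag)."""
    best = (-2.0, 0)
    for lag in range(-max_lag, max_lag + 1):
        # Trim both traces so that a[j + lag] is compared with b[j].
        x = a[lag:] if lag >= 0 else a[:lag]
        y = b[:len(b) - lag] if lag >= 0 else b[-lag:]
        best = max(best, (pearson(x, y), lag))
    return best

def demo():
    you = phone_trace(BUS_A, seed=1)
    passenger = phone_trace(BUS_A, seed=2, offset=12)  # same bus, clocks 12 samples apart
    stranger = phone_trace(BUS_B, seed=3)              # a different bus
    return best_match(you, passenger), best_match(you, stranger)

if __name__ == "__main__":
    same, other = demo()
    print("same bus:  r=%.2f at lag %d" % same)
    print("other bus: r=%.2f at lag %d" % other)
```

Even with independent noise on each phone and unsynchronized clocks, the two phones on the same bus correlate strongly at the lag matching their clock offset, while the phone on a different bus does not.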

A coordinated attack could take this even further. Each bus could be equipped with a phone running an app that (1) records the accelerometer data and (2) records the bus line and location. This data could then be combined with an accelerometer signature recorded in a widely used app like Instagram.

In the case of a popular cause like the Boston Marathon bombing, it’s easy to imagine public support for this kind of tracking.

Further reading: https://dl.acm.org/doi/abs/10.1145/3309074.3309076