On most mobile devices nowadays, location privacy is an all-or-nothing deal: You either allow applications to track you all the time, or you turn off the location setting and suffer the inconvenience of having to turn it back on every time you use the app.
Both Apple and Google have improved this in recent years, adding granular controls to their mobile operating systems that allow users to permit or deny individual apps access to their device's location. But while that might be sufficient to prevent a sketchy flashlight app from snooping on you, it's still not quite enough to stop apps that might legitimately need your location from constantly running in the background and recording everywhere you go.
Thus, a group of researchers from UCLA have proposed what they call LocationSafe, a privacy module that would give users fine-grained control over location privacy—with an eye towards combating the recent onslaught of privacy-invading Internet of Things devices.
"User applications requesting data of users is a binary permission, either I share my data or I don't. However, sensitive data such as location needs finer control on how accurate and how often the location information is released," authors Joshua Joy, Minh Lee, and Mario Gerla write in their paper.
To address this, the researchers propose building their privacy module directly into the GPS daemon, or GPSD, a low-level software interface present on all GPS-enabled devices that controls access to the device's location. That way, the user can choose exactly how location data is provided and used before the higher-level operating system and other applications request it.
The researchers propose several ways the module could do this. One method involves the user controlling the "coarseness" of the location given to applications, essentially spoofing the location by randomly picking a point within a specified radius so as not to reveal the device's exact position. LocationSafe could also be used to limit how frequently an application receives location data—kind of like a teenager's allowance—to make sure it won't unnecessarily collect and record your every move on some distant server.
So far, granular privacy controls similar to LocationSafe have only been available to users who root or jailbreak their device. But, while this gives users a great deal more control, jailbreaking relies on exploiting security holes, and always comes with the usually-not-worth-it drawback of making your device a lot less secure.
Since it would be built directly into software found on GPS-enabled devices, LocationSafe wouldn't require any jailbreaking, potentially making fine-grained privacy controlled much more accessible to regular users.
"The privacy module ensures that all GPS data is released according to the data owner's consent and choice," the researchers write. "We demonstrate that appropriate methodologies can be placed which provides strong location privacy guarantees, yet enable analyzers access to privatized location data."