Simply choosing to prevent apps from knowing your location doesn't completely protect you from the threat of being tracked, according to a new study.
For now, apps can't track you without your permission. But a new study out of the Department of Computer and Electrical Engineering from the University of Illinois shows that your phone's data can be tracked across apps by potential hackers even if you've turned off location services. According to the research, the culprit is something in your phone known as an accelerometer.
What's an accelerometer? It's a tiny chip inside your phone that measures whether you're holding your phone horizontally or vertically, so the phone can alter its screen accordingly.
But in the same way your fingerprints are yours alone, so is your phone's signal, according to Professor Romit Roy Choudhury and his students of the University of Illinois, who wrote the study, and Professors Wenyuan Xu and Srihari Nelakuditi from the University of South Carolina, who contributed.
This digital "fingerprint" then leaves you theoretically vulnerable to being traced, should a hacker be able to access the server where your data is collected or access data from multiple apps.
Jonathan Damery, who covered the study for the University of Illinois website, compared the accelerometer's fingerprint to cookies cut out with a cookie cutter.
"In some ways, it’s like cutting out sugar cookies. Even using the same dinosaur-shaped cutter, each cookie will come out slightly different: a blemish here, a pock there," he wrote in a post on the research findings. "For smartphone sensors, these imperfections simply occur at the micro- or nanoscale."
Those imperfections mean your phone's unique signal can make your habits easy to track whenever your phone is in use. Not concerned yet? The research suggests that it might not just be the accelerometer that's capable of transmitting these unique signals. Your phone's camera, gyroscope and microphones, among other parts, could all be vulnerable as well.
No one is quite sure exactly how to solve the problem right now, according to Choudhury. But it may involve scrambling your phone's signal with some added "noise" to keep would-be trackers from being able to pinpoint your exact signal.
"Some research needs to be done to understand if the accelerometer data can be made less unique by injecting random noise into it," Choudhury told the Huffington Post. "Of course, we have to be careful about this since too much noise can affect the app's functions. Nonetheless, we believe some injection of noise could help -- the exact technique remains a research question."
Fortunately, Choudhury told HuffPost that he does not yet know of anyone that has found a way to exploit this flaw. So for now, your location services settings will keep your phone safe from being tracked, but beware.
Clarification: This post has been updated to reflect that the vulnerability can be exploited by hackers, not app-makers themselves, to follow the location of the owner of a phone.