I know where you all are! exploiting mobile social apps for large-scale location privacy probing

Abstract

Mobile social apps have been changing the way people interact with each other in the physical world. To help people extend their social networks, Location-Based Social Network (LBSN) apps (e.g., Wechat, SayHi, Momo) that encourage people to make friends with nearby strangers have gained their popularity recently. They provide a “Nearby” feature for a user to find other users near him/her. While seeing other users, the user, as well as his/her coarse-grained relative location, will also be visible in the “Nearby” feature of other users. Leveraging this observation, in this paper, we model the location probing attacks, and propose three approaches to perform large-scale such attacks on LBSN apps. Moreover, we apply the new approaches in the risk assessment of eight popular LBSN apps, each of which has millions of installation. The results demonstrate the severity of such attacks. More precisely, our approaches can collect a huge volume of users’ location information effectively and automatically, which can be exploited to invade users’ privacy. This study sheds light on the research of protecting users’ private location information.