Location information extracted from mobile devices has been widely exploited to reveal our routines, significant places, and interests, to name just a few. Given the sensitivity of the information it reveals, location access is protected by mobile operating systems, and users have control over which applications can access it. We argue that applications can still infer coarse-grained location information by using alternative sensors that are available in off-the-shelf mobile devices and that do not require any permissions from the users. In this paper, we present a zero-permission attack based on the use of the built-in magnetometer, considering a variety of methods for identifying location-types from their magnetic signature. We implement the proposed approach by using four different techniques for time-series classification. To evaluate the approach, we conduct an in-the-wild study to collect a dataset of nearly 70 hours of magnetometer readings with six different phones at 66 locations, each accompanied by a label that classifies it as belonging to one of six selected categories. Finally, using this dataset, we quantify the performance of all models based on two evaluation criteria: (i) leave-a-place-out (using test data collected from an unknown place), and (ii) leave-a-device-out (using test data collected from an unknown device), showing that we are able to achieve 40.5% and 39.5% accuracy in classifying the location-type for each evaluation criterion, respectively, against a random baseline of approximately 16.7% for both of them.