Mobile motion sensors such as accelerometers and gyroscopes are now ubiquitously accessible by third-party apps via standard APIs. While enabling rich functionalities like activity recognition and step counting, this openness has also enabled unregulated inference of sensitive user traits, such as gender, age, and even identity, without user consent. Existing privacy-preserving techniques, such as GAN-based obfuscation or differential privacy, typically require access to the full input sequence, introducing latency that is incompatible with real-time scenarios. Worse, they tend to distort temporal and semantic patterns, degrading the utility of the data for benign tasks like activity recognition. To address these limitations, we propose the Predictive Adversarial Transformation Network (PATN), a real-time privacy-preserving framework that leverages historical signals to generate adversarial perturbations proactively. The perturbations are applied immediately upon data acquisition, enabling continuous protection without disrupting application functionality. Experiments on two datasets demonstrate that PATN substantially degrades the performance of privacy inference models, achieving Attack Success Rate (ASR) of 40.11% and 44.65% (reducing inference accuracy to near-random) and increasing the Equal Error Rate (EER) from 8.30% and 7.56% to 41.65% and 46.22%. On ASR, PATN outperforms baseline methods by 16.16% and 31.96%, respectively.

翻译：加速度计和陀螺仪等移动运动传感器现已通过标准API被第三方应用普遍访问。这种开放性在支持活动识别和计步等丰富功能的同时，也使得未经用户同意即可无监管地推断敏感用户特征（如性别、年龄甚至身份）成为可能。现有的隐私保护技术，例如基于GAN的混淆或差分隐私，通常需要访问完整的输入序列，这会引入与实时场景不兼容的延迟。更糟糕的是，它们往往会扭曲时间和语义模式，降低数据在活动识别等良性任务中的可用性。为解决这些局限性，我们提出了预测性对抗变换网络（Predictive Adversarial Transformation Network, PATN），这是一种实时隐私保护框架，它利用历史信号主动生成对抗性扰动。扰动在数据采集后立即应用，从而在不中断应用功能的情况下实现持续保护。在两个数据集上的实验表明，PATN显著降低了隐私推断模型的性能，攻击成功率（Attack Success Rate, ASR）分别达到40.11%和44.65%（将推断准确率降至接近随机水平），并将等错误率（Equal Error Rate, EER）从8.30%和7.56%分别提高至41.65%和46.22%。在ASR指标上，PATN分别优于基线方法16.16%和31.96%。