Are mobile apps too curious?

Most mobile devices have capabilities for determining the user’s location using a combination of GPS signals, cell tower locations and WiFi areas. We use this function to find our way, find a nearby restaurant or learn about a site of interest.

So why does a mobile game, for example one about slingshotting ill-tempered birds, need to know where you are? The answer is, most often, advertising. Indeed, it makes sense to show the user advertisements if he or she is in a geographically suitable region.

However, a typical user no longer has any idea who knows where he or she lives or works. Such privacy leaks are hard to control, as devices share our location with new services.

Building a better location service

We decided to show that mobile services do not have to compromise on privacy. We built an “Am I there yet?” service for the Real World Crypto conference that took place in London in January 2015. RWC is a great new conference on the application of bleeding-edge cryptographic technology and a wonderful place for testing out a new cryptographically private service.

RWC visitors were sent a link to a web-based location application for use on their smartphone or other location-capable device. The application encrypts the user’s location and sends it to a Sharemind-based service that calculates the distance from the user to the RWC conference venue.

The user will know the distance, but the service will only know that a user made a query. Also, even though we are performing calculations in the encrypted domain, we are using precision floating point arithmetic. Sharemind is happy to calculate the following formula whenever you make a query.

We set up a screen at the RWC venue to show how people were approaching the event. Over three days, we saw about 130 unique user sessions and answered many questions about the privacy guarantees.
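The query flow described in this section, as an added sketch that is not Sharemind's code, API or protocol: the device splits its coordinates into additive shares, three compute parties derive shares of the squared distance to the public venue, and only the device recombines the answer. Assumptions, none of which come from the page: a 2^64 share ring, a trusted dealer for the squaring mask, integer-metre planar coordinates, and squared Euclidean distance in place of the floating-point formula the service evaluated.

```python
import math
import secrets

MOD = 2**64  # assumed share ring Z_(2^64); coordinates are integer metres

def share(value, n=3):
    """Split value into n additive shares that sum to value mod MOD."""
    parts = [secrets.randbelow(MOD) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % MOD)
    return parts

def reconstruct(shares):
    """Recombine all shares and map the result back to a signed integer."""
    v = sum(shares) % MOD
    return v - MOD if v >= MOD // 2 else v

def secure_square(x_sh):
    """Turn shares of x into shares of x^2 using one Beaver-style pair."""
    # Hypothetical trusted dealer: shares of a random mask a and of a^2.
    a = secrets.randbelow(MOD)
    a_sh, aa_sh = share(a, len(x_sh)), share(a * a % MOD, len(x_sh))
    # Parties open e = x - a; a is uniform, so e reveals nothing about x.
    e = sum(x - m for x, m in zip(x_sh, a_sh)) % MOD
    # x^2 = (e + a)^2 = e^2 + 2*e*a + a^2, computed share by share.
    out = [(2 * e * m + mm) % MOD for m, mm in zip(a_sh, aa_sh)]
    out[0] = (out[0] + e * e) % MOD  # public term added by one party only
    return out

def servers_squared_distance(x_sh, y_sh, venue):
    """Run by the compute parties: shares in, shares of d^2 out."""
    dx, dy = list(x_sh), list(y_sh)
    dx[0] = (dx[0] - venue[0]) % MOD  # venue is public, one party subtracts
    dy[0] = (dy[0] - venue[1]) % MOD
    return [(p + q) % MOD for p, q in zip(secure_square(dx), secure_square(dy))]

def client_query(x, y, venue):
    """Run on the device: share the position, recombine only the answer."""
    d2_sh = servers_squared_distance(share(x % MOD), share(y % MOD), venue)
    return math.sqrt(reconstruct(d2_sh))

if __name__ == "__main__":
    # Constructed sample: a user 300 m east and 400 m north of the venue.
    print(client_query(3300, 4400, venue=(3000, 4000)))
```

Under these assumptions each compute party handles only uniformly random shares and the masked value `e`, so no single party learns the position or the resulting distance.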

Ready for practical use

We are now at the point where location services can be built without breaking privacy. Sharemind supports more privacy-preserving versions of services such as Tinder or other location-based services. In the years to come, this will lead to services that differentiate themselves by protecting their users’ data and complying better with privacy regulations.

We are grateful to Bar-Ilan University and Partisia for co-hosting the application and the EU PRACTICE project for supporting its construction.