A new study from the Indian Institute of Technology (IIT) Delhi has found that Android applications granted precise location permissions can infer far more about a user than previously believed, including their environment, movement, and even the structure of nearby spaces.
Conducted by MTech student Soham Nag and Professor Smruti R Sarangi from the Department of Computer Science and Engineering, the research introduces AndroCon, a system that turns standard GPS data into a powerful sensing tool. The findings were published in the peer-reviewed journal ACM Transactions on Sensor Networks.
The study demonstrates that even without using a device’s camera, microphone, or motion sensors, AndroCon can interpret nine GPS parameters such as signal power, Doppler shift, and multipath interference to determine whether a person is sitting, walking, lying down, or travelling, including contexts like being inside a metro, an aircraft, or a crowded outdoor area. It can also distinguish between empty and crowded rooms.
By applying classical signal processing techniques combined with machine learning, the team achieved nearly 99 per cent accuracy in identifying environments and over 87 per cent accuracy in recognising human activities during a year-long trial covering 40,000 sq km across multiple phone models.
The same framework can reconstruct indoor floor maps — identifying rooms, staircases, and elevators — with an error margin of less than four metres.
While the research opens new possibilities for context-aware applications, it also highlights a pressing privacy risk: any Android app with access to precise location data could potentially extract sensitive contextual information without the user’s consent. As Professor Sarangi noted, the study serves as a reminder that familiar technologies often conceal powerful, unregulated capabilities.
