University of Illinois Urbana-Champaign

Analysis of privacy protections in fitness tracking applications

Hussain, Muhammad Saad

Permalink

https://hdl.handle.net/2142/101232

Description

Title
Analysis of privacy protections in fitness tracking applications
Author(s)
Hussain, Muhammad Saad
Issue Date
2018-04-26
Director of Research (if dissertation) or Advisor (if thesis)
Bates, Adam
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Keyword(s)
Location Privacy, Fitness Tracking Applications
Abstract
Mobile fitness tracking apps allow users to track their workouts and share them with friends through online social networks. Although the sharing of personal data is an inherent risk in all social networks, the dangers presented by sharing personal workouts comprised of geospatial and health data may prove especially grave. While fitness apps offer a variety of privacy features, at present it is unclear if these countermeasures are sufficient to thwart a determined attacker, nor is it clear how many of their users are at risk. In this work, we perform a systematic analysis of privacy behaviors and threats in fitness tracking social networks. Collecting a month-long snapshot of public posts to the popular Strava fitness tracking service (21 million posts, 3 million users), we observe that 16.5% of users make use of Endpoint Privacy Zones (EPZs), which conceal fitness activity nearby user-designated sensitive locations (e.g., home, office). We go on to develop an attack against EPZs that infers users’ protected locations from the remaining available information in public posts, discovering that 95.1% of moderately active users are at risk of having their protected locations extracted by an attacker. Finally, we consider the efficacy of state-of-the-art privacy mechanisms through adapting geo-indistinguishability techniques as well as developing a novel EPZ fuzzing technique. Strava has been notified of the discovered vulnerabilities and (at time of submission) is preparing to incorporate our countermeasures into their production system.
Graduation Semester
2018-05
Type of Resource
text
Permalink
http://hdl.handle.net/2142/101232
Copyright and License Information
Copyright 2018 Muhammad Hussain

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Computer Science
Dissertations and Theses from the Dept. of Computer Science