A recent study by IIT Delhi reveals a “critical security gap” in Android apps that use precise location, stating they could potentially infer sensitive information without explicit user consent.
The study titled “AndroCon: An Android Phone-based Sensor for Ambient, Human Activity and Layout Sensing using Fine-Grained GPS Information” has been published in ACM Transactions on Sensor Networks.
The research was conducted by Soham Nag, M.Tech., Centre of Excellence in Cyber Systems and Information Assurance, and Dr Smruti R. Sarangi, Professor in the Department of Computer Science and Engineering.
“It shows that these hidden clues can reveal far more than just the location: they can quietly expose a person’s activity, environment, and even the layout of the room or floor they are in,” IIT Delhi said in a statement.
The researchers developed AndroCon, a system that demonstrates how GPS data already accessible to Android apps with precise location permissions can infer whether someone is sitting, standing, lying down, inside a metro, on a flight, in a park, or in a crowded outdoor space. They can also infer if the room is crowded or empty.
Professor Sarangi said, “Across a year-long study spanning 40,000 sq. km and a lot of different phones, AndroCon achieved up to 99% accuracy in detecting surroundings and over 87% accuracy in recognising human activities – even subtle ones like hand-waving near the phone.”
While AndroCon opens exciting possibilities for context-aware, privacy-respecting smart services, it also exposes a critical security gap. Any Android app with precise location permissions could potentially infer sensitive contextual information without explicit user consent, according to IIT Delhi.
Published – October 31, 2025 01:47 am IST
