RTR4ME4E
A malicious Android app could track a user using only information about their battery usage, researchers say. Reuters

Android phones can be easily tracked by apps that calculate battery drain, according to a new paper by a team of Stanford researchers. Apps merely need access to smartphone users’ power consumption over time to track their movements, the researchers say.

Smartphones use more power as they get further away from cell towers, or if walls and other barriers disrupt communications from the tower to phone. Researchers say that battery-draining services like high-speed data use and apps can be removed from the equation using machine learning algorithms, or software formulas that can learn from, and sort through the data.

The team built their own software to test their findings -- a lab-created computer virus they called PowerSpy -- capable of tracking Android users without GPS tracking data or the ability to scan Wi-Fi hotspots. An app given the ability to calculate power consumption could track a user's location more than two-thirds of the time.

"The malicious app has neither permission to access the GPS nor other location providers [like the] cellular or wi-fi network," Yan Michalevsky and his team from Stanford University wrote. "We only assume permission for network connectivity and access to the power data. These are very common permissions for an application, and are unlikely to raise suspicion on the part of the victim."

Google offers 179 apps on its Play Store that request power usage information and require only a few minutes of power measurements to begin tracking a user's locations, Michaelevsky wrote. The researchers said that while more apps in the background caused PowerSpy's accuracy to go down to roughly 20 percent, they could likely improve the tracking if it was programmed to account for the battery usage of more apps and services.