Smart cities and open WiFis: When android os permissions cease to protect privacy

The wide-spread availability of open WiFi networks on smart cities can be considered an advanced service for citizens. However, a device connecting to WiFi network access points gives away its location. On the one hand, the access point provider could collect and analyse the ids of connecting devices, and people choose whether to connect depending on the degree of trust to the provider. On the other hand, an app running on the device could sense the presence of nearby WiFi networks, and this could have some consequences on user privacy. Based on permission levels and mechanisms proper of Android OS, this paper proposes an approach whereby an app attempting to connect to WiFi networks could reveal to a third part the presence of some known networks, thus a surrogate for the geographical location of the user, while she is unaware of it. This is achieved without resorting to GPS readings, hence without needing dangerous-level permissions. We propose a way to counteract such a weakness in order to protect user privacy.