Yet another way to unknowingly gather people coordinates and its countermeasures

Apps running on a smartphone have the possibility to gather data that can act as a fingerprint for their user. Such data comprise the ids of nearby WiFi networks, features of the device, etc., and they can be a precious asset for offering e.g. customised transportation means, news and ads, etc. Additionally, since WiFi network ids can be easily associated to GPS coordinates, from the users frequent locations it is possible to guess their home address, their shopping preferences, etc. Unfortunately, existing privacy protection mechanisms and permissions on Android OS do not suffice in preventing apps from gathering such data, which can be considered sensitive and not to be disclosed to a third part. This paper shows how an app using only the permission to access WiFi networks could send some private data unknowingly from the user. Moreover, an advanced mechanism is proposed to shield user private data, and to selectively obscure data an app could spy.