Researchers at the Indian Institute of Technology (IIT) Delhi have unveiled a groundbreaking system that transforms a smartphone's GPS chip into a stealthy environmental and activity tracker, capable of inferring detailed user behaviours and surroundings without accessing cameras, microphones, or motion sensors. Dubbed AndroCon, the technology leverages nine standard GPS parameters—including Doppler shift, signal strength, satellite visibility, and multipath interference—routinely collected by Android apps with "precise location" permissions.

Led by MTech student Soham Nag and Professor Smruti R. Sarangi from the Department of Computer Science and Engineering, the study demonstrates how this ubiquitous data can reveal whether a person is sitting, standing, walking, travelling by metro, or even flying in an aircraft, while also characterising environments as indoor or outdoor, crowded or empty, and urban or park-like.

Published in the prestigious ACM Transactions on Sensor Networks, AndroCon marks the first system to extract such fine-grained contextual insights solely from GPS signals, raising significant privacy concerns in an era where location permissions are often granted casually. The researchers trained machine learning models on real-world datasets, achieving high accuracy in activity recognition—for instance, distinguishing sedentary postures from dynamic movement via signal fluctuations caused by body occlusion or velocity changes.

Also Read: MEIL'S Power Grab: Buys 250 MW TN Plant for Rs 926 Cr

Environmental inference stems from patterns like reduced satellite lock in dense buildings versus open skies, or erratic multipath echoes in crowded urban canyons compared to serene green spaces. Critically, AndroCon operates passively, requiring no additional hardware and functioning even when users believe they've limited app tracking.

The implications extend far beyond convenience features like automated fitness logging; they expose vulnerabilities in current privacy frameworks. Android's location permissions, while granular, do not warn users that basic GPS telemetry—already shared with countless apps for navigation or advertising—can serve as a covert sensor suite. In tests, AndroCon accurately identified flight status by analysing consistent high-velocity Doppler shifts and stable signal patterns at altitude or metro travel through periodic signal dropouts at underground stations. For indoor scenarios, it gauged room occupancy by multipath richness: sparse reflections in empty spaces versus chaotic scattering in crowded ones. The system’s non-reliance on energy-intensive sensors like accelerometers makes it particularly insidious, as it imposes minimal battery drain while continuously profiling users.

As smartphone ecosystems evolve toward hyper-personalisation, AndroCon underscores the urgent need for updated privacy regulations and user education. Professor Sarangi emphasised the dual-edged nature of the research: while it enables innovative applications like context-aware accessibility tools or emergency response systems, it also empowers potential misuse by advertisers, insurers, or malicious actors. The team advocates for permission models that explicitly disclose secondary inferences from location data, alongside technical safeguards like signal obfuscation. With billions of Android devices worldwide routinely broadcasting these parameters, this study serves as a wake-up call, reminding users that granting location access may reveal not just where they are, but what they’re doing—and who surrounds them—in startling detail.

Also Read: Colombian President Gustavo Petro Faces Payment Block after US Treasury Blacklist, Lawyer Confirms