No Place to Hide that Bytes won’t Reveal: Sniffing Location-Based Encrypted Traffic to Track a User’s Position

p>News reports of the last few years indicated that several intelligence agenciesbr /> are able to monitor large networks or entire portions of the Internet backbone.br /> Such a powerful adversary has only recently been considered by the academic literature.br /> In this paper, we propose a new adversary model for Location Based Services (LBSs).br /> The model takes into account an unauthorized third party, di erent from the LBSbr /> provider itself, that wants to infer the location and monitor the movements of a LBSbr /> user. We show that such an adversary can extrapolate the position of a target user bybr /> just analyzing the size and the timing of the encrypted trac exchanged between thatbr /> user and the LBS provider. We performed a thorough analysis of a widely deployedbr /> location based app that comes pre-installed with many Android devices: GoogleNow.br /> The results are encouraging and highlight the importance of devising more e ectivebr /> countermeasures against powerful adversaries to preserve the privacy of LBS users./p>