Researchers in India have unveiled a system that turns standard GPS data into a sophisticated surveillance tool, capable of identifying whether a user is sitting, walking, or even waving, raising major alarms about digital privacy
A team from the Indian Institute of Technology (IIT) Delhi has uncovered a critical and unsettling vulnerability in standard smartphone usage: an app with precise location access can use signals from GPS satellites to spy on a user’s environment and physical movements without ever activating the microphone or camera.
The research, led by Professor Smriti R Sarangi and M.Tech student Soham Nag, demonstrates that the global positioning system—long assumed to be a simple navigational aid—contains “hidden clues” about the world around the phone.
Their system, dubbed AndroCon, leverages subtle features in GPS signal transmission, such as Doppler shifts, signal strength, and even reflections from nearby surfaces (known as multipath interference). By applying classic signal processing and machine learning to these features, the researchers effectively transformed the GPS receiver into a covert sensor.
From Navigation to Non-Stop Surveillance
Traditionally, granting an app “precise location” permission simply allows it to pinpoint the user’s latitude and longitude. The IIT Delhi study reveals the consequences of this permission go far deeper.
In a year-long study covering 40,000 square kilometres, AndroCon demonstrated it could accurately infer a wide range of intimate user activities:
Physical State: Distinguishing whether a person is sitting, standing, walking, or lying down with up to 99 per cent accuracy.
Context: Detecting if the user is travelling on the metro, strolling through a park, or in a crowded plaza.
Indoor Mapping: Creating floor plans of indoor spaces, including room layouts, staircases, and elevators, with errors of less than four metres.
Subtle Gestures: Even identifying subtle movements, such as a hand-wave near the phone.
The key finding is that the sophisticated surveillance does not require access to traditionally sensitive sensors like the camera, microphone, or motion detectors. Any Android app with the single permission for precise location can potentially gather this fine-grained data without the user’s knowledge.
Privacy Gap
While this revelation opens doors for advanced, context-aware smart services—such as apps that automatically adapt settings based on whether you are walking or driving—it exposes a massive security gap.
The researchers warn that most users granting location access for simple services like ride-hailing or weather updates are unaware that they are simultaneously consenting to this “fine-grained” environmental monitoring.
Experts are now highlighting the urgent need for developers and platforms to rethink how location data is handled, arguing that combining basic signal processing with machine learning has effectively turned the GPS sensor into a sophisticated tool for observing daily life.
For smartphone users, the message is clear: the simple choice to grant an app “precise location” access should be treated with the same caution reserved for enabling a microphone or camera. That single tap could reveal much more about your life than just where you are.