It's definitely far from being an easy attack. But it raises an interesting question in that the current smartphone security models don't require special permissions for accelerometer access whereas they do for cameras and other things.
With this kind of stuff and other advances in activity recognition, allowing any app to record anything using the accelerometer might become a privacy threat.
Hmm, this is very interesting - a web page that you commonly use can also easily track large amounts of what you type on your computer, and use it as the training data to correlate with the accelometer on your phone; and if you use that web page often, then you're somewhat likely to have their app installed on your phone.
sounds like one can be tracked even without GPS, just by integrating accelerometer data and even one fixed point of reference may be not necessary as the pattern of movements can, in many cases, be uniquely aligned with the pattern of streets/etc...
Interesting, I could see this working with an app that didn't have GPS permissions especially in rural areas where the roads might have a unique fingerprint. Through the mobile web APIs the phone's screen has to be on for the JavaScript event loop to run so that would be a harder way to do it.
I think the reason GPS is used is that measurement error in the accelerometer leads to pretty bad drift. If you could resynch the movements periodically it might work though.
Yes I am very relived they published this. I assumed this was possible acoustically many years ago, but never told anyone ahahha. When I saw this headline, I feared seismic (accelerometers) might do an even better job at it, but fortunately, it looks like they don't.
With this kind of stuff and other advances in activity recognition, allowing any app to record anything using the accelerometer might become a privacy threat.