Guide to security and privacy of geolocation tools
The "Guide to security and privacy of geolocation tools" has been prepared by the Information
Security Observatory team at INTECO:
The mission of INTECO is to provide value and innovation to individuals, SMEs, Public
Authorities and the information technology sector through developing projects which contribute
towards increasing confidence in our country’s Information Society services, while also
promoting an international course of participation. To this end, INTECO will develop actions in
the following areas: Security Technology, Accessibility, ICT Quality and Training.
This publication belongs to the National Institute of Communication Technologies (INTECO) and is under a Creative
Commons Non-commercial 2.5 Spain Recognition license, and thus it is permitted to copy, distribute and communicate this
work publicly under the following conditions:
• Recognition: The contents of this report can be reproduced in whole or in part by third parties, by citing its origin
and making express reference to both INTECO and its website: www.inteco.es. This recognition may in no case
suggest that INTECO supports or endorses the third party's use of its work.
• Non-commercial use: The original material and derivative works can be distributed, copied and displayed while
their use is not commercial.
For any reuse or distribution, you must make the license terms of this work clear to others. Any of these conditions can be
waived if you get permission from INTECO as owner of the copyright. Nothing in this license impairs or restricts the moral
rights of INTECO. http://creativecommons.org/licenses/by-nc/2.5/es/
This document complies with the accessibility conditions of PDF (Portable Document Format). This is a structured and
labelled document provided with alternatives to all non-text elements, language markup and appropriate reading order.
For more information on preparing accessible PDF documents, you can consult the guide available in the Accessibility
section > Training > Manuals and Guides on the webpage http://www.inteco.es
3 GEOLOCATION APPLICATIONS
'Geolocation' refers to the set of technologies that combine the geo-referencing of objects in the
real world with information obtained through an Internet connection.
It is one of the most popular manifestations of the current development of Information and
Communications Technologies (ICT), and has recently experienced a significant rise.
Mobile devices are particularly appropriate for applying geolocation technology. First,
multiple mechanisms have been developed to enable geolocating a device (either through
GPS [1] technology, WiFi wireless networks, or the actual mobile networks). Secondly, the
development of mobile broadband allows the so-called "smart phones" to connect to the
Internet.
[1] GPS. Global Positioning System.
[2] Available at: http://www.facebook.com/places
Online geolocation applications make it possible, from any device connected to the
Internet (whether it be a mobile device, laptop, desktop, etc.), to obtain all types of
information in real time and locate it on the map with pinpoint accuracy.
Combining this technology with cloud storage systems [7] also allows information to be
automatically synchronised between heterogeneous devices.
The functionality of such applications ranges from something as simple as finding a nearby
service station to something as complex as obtaining car navigation routes with real-time
traffic information and automatic synchronisation of points of interest through cloud
storage, and includes such innovative applications as augmented reality.
The spread of these technologies and the demand for them, however, raises the problem of the
nature of the information - often private or sensitive - associated with them. It is therefore
important to be especially aware of issues relating to security and privacy, in order to be
able to use geolocation tools responsibly and enjoy them to the full.
[3] Available at: http://twitter.com/
[4] Available at: http://sitios.tuenti.com
[5] Available at: http://foursquare.com/
[6] Available at: http://gowalla.com/
[7] The term cloud storage refers to the systems permitting users to store all their information, records and data on third-party
servers in such a way that they can be accessible from any system with Internet access.
Three main components associated with any geolocation process can be distinguished.
[8] Metadata can be defined as a dataset that defines and characterises certain information associated with it.
• Latitude and longitude. Coordinates that measure the angle between any point
and its reference (the equator for latitude, the Greenwich meridian for longitude).
In practice, combining both angles allows you to express any position on the
Earth's surface.
• A-GPS. Assisted GPS. Improved GPS system, drawing on Support Servers (for
online mode) or preloaded information (for offline mode), which can accelerate the
process of connecting to satellites as well as improve the geo-referencing process
when the signal is weak.
Within the set of applications that make use of geolocation technology, two main groups
can be distinguished, depending on user interaction with the application:
• Online applications: usually Web applications used from any device. The user
requests a location and the application responds with existing information on the
Internet.
Both sets of applications are discussed below, broken down into categories according to
their scope with some illustrative examples being presented.
The term "online application" is understood as one which can be used with an Internet
connection. These web services are typically accessible via a standard Web browser,
although they are sometimes offered as a standalone application that must be installed on
the host operating system.
Typical services of such applications include information search and reverse geocoding,
consultation of various types of maps (geographical, physical or street maps), route
calculation (on foot or using vehicles) or creating customised maps.
Usually, using these services involves associating a user account, allowing you to store
information like points of interest, custom maps, etc.
• Google Maps [9]. Possibly the most widely-used mapping service. It is owned by
Google. Integrates other features of the company and information from
various services through the use of additional layers of Google Labs [10].
[9] Available at: http://maps.google.es/maps?hl=es&tab=wl
[10] Available at: http://www.googlelabs.com/
• Google Street View [13]. Google Maps and Google Earth feature, which allows
panoramic street viewing in these services. In September 2010, it included
pictures of 30 different countries, some of them, such as Spain, with almost
complete coverage.
• Street Slide. Bing Maps feature similar to Google Street View. In October 2010, its
coverage was limited to areas of the United States and Canada.
However, there are examples of geolocated social networks aimed at the online
environment, and not confined only to mobile devices:
• Dopplr [16]. Social network aimed at organising trips, tours and meeting points.
Enables leisure or business trips to be defined, as well as sharing this information,
receiving notices on stays, and receiving advice from other users.
[11] Available at: http://earth.google.es/
[12] Available at: http://www.bing.com/maps/
[13] Available at: http://maps.google.com/intl/es/help/maps/streetview/
[14] Available at: http://www.panoramio.com/
[15] Available at: http://www.flickr.com/map/
• Fire Eagle [18]. Yahoo!-owned social network used for storing locations of its users.
Most geolocation applications fall within the scope of mobile technologies. The market
penetration of so-called "smart phones" and the expansion of wireless broadband
technologies have helped the growth of such applications and user communities using
and supporting them.
The following operating systems can be found within the smart phone market, ordered by
market share [20]: Symbian OS (41.2%), BlackBerry with RIM OS (18.2%), Google's Android
(17.2%), Apple's iOS (14.2%), Microsoft's Windows Mobile (5.0%), Linux (2.4%) and
others (1.8%).
Geolocation applications for mobile devices typically use the geo-referencing of
the device itself, either to geotag media content, or to carry out geocoding and reverse
geocoding processes.
3.2.1 Maps
This encompasses applications designed for seeking information on maps. The user’s
geographical location is used as an important element in the process of finding
information. It is also common for these applications to be integrated with an online
service (and even desktop applications), allowing cloud data synchronisation.
• Google Maps [21]. Available for Android, Blackberry, iOS, Symbian and Windows
Mobile systems (although the features differ). This application integrates the
Google Maps service and the majority of its features on the mobile device.
[16] Available at: http://www.dopplr.com/
[17] Available at: http://plazes.com/
[18] Available at: http://fireeagle.yahoo.net/
[19] Report: UK Leads European Countries in Smartphone Adoption with 70% Growth in Past 12 Months, published by
comScore. Available at: http://www.comscore.com/Press_Events/Press_Releases
[20] Source: Competitive Landscape: Mobile Devices, Worldwide, 2Q10. Available at:
http://www.gartner.com/it/page.jsp?id=1421013
[21] Available at: http://www.google.es/mobile/maps/
• Google Earth. Available for some Android and iPhone systems. This application
integrates the Google Earth service and some of the features present in the
desktop application.
Some examples of GPS satellite navigation applications for mobile devices are as follows:
[22] Available at: http://mytracks.appspot.com/
[23] Available at: http://www.mapmytracks.com/
[24] Available at: http://www.tomtom.com/
[25] Available at: http://www.google.es/intl/es_ALL/mobile/navigation/
• CoPilot Live [26]. GPS navigation system that operates on its own hardware
platform, and is also compatible with iOS, Android and Windows Mobile.
• Nokia OviMapas [27]. Nokia GPS navigator, compatible only with some devices that
the Finnish manufacturer has released with the Symbian operating system.
Examples include:
• Facebook Places [29]. Application from the Facebook social network that, by making
use of the geo-referencing of mobile devices, can share the user's position with their
friends.
• Twitter Places [30]. Functionality from the Twitter social network allowing users,
through geo-referencing or an explicit specification, to define the exact location
associated with a particular message. Includes integration with the Foursquare and
Gowalla social networks.
[26] Available at: http://www.alk.com/copilot/
[27] Available at: http://www.nokia.es/ovi/mapas
[28] Available at: http://world.waze.com/
[29] Available at: http://www.facebook.com/places/
[30] Available at: http://support.twitter.com/entries/194473-twitter-places-and-how-to-use-them
[31] Available at: http://foursquare.com/
Some examples of points of interest applications for mobile devices are as follows:
[32] Available at: http://m.google.com/latitude
[33] Available at: http://gowalla.com/
[34] Available at: http://www.bliquo.es/
[35] Available at: http://www.tweakersoft.com/mobile/aroundme.html
[36] Available at: http://www.buzzd.com/
[37] Available at: http://sites.google.com/site/placesdirectory/
Some examples of augmented reality applications for mobile devices are as follows:
• Layar [38]. This application works by loading "layers" of information from the Internet,
ranging from public transport to social games, and even information via Wikipedia,
etc. It is available for iOS and Android terminals, and a Symbian version, currently
under development, is expected.
[38] Available at: http://www.layar.com/
[39] Available at: http://www.wikitude.org/
The nature of the data handled by geolocation applications, which concerns the geo-referenced
location of users, means that these applications are considered particularly sensitive from a
security standpoint.
On the other hand, the fact that this information is sometimes integrated in social networks
increases the potential consequences of associated security and privacy flaws, as the
geolocation information is combined with all kinds of personal data. In this respect, sites
such as Please Rob Me [40] try - humorously in this case - to raise awareness about the
importance of safety in geolocation applications. The risks to citizens when transmitting
sensitive information relating to their geo-referencing are not limited to theft of information
or data through the Internet, but may even pose a threat to their physical and personal
safety.
The main features present in the whole geolocation process are described below to
analyse the associated risks and threats independently.
Perhaps the most important aspect related to the risk of geolocation applications is that of
privacy. The nature of the data used for geolocation applications is particularly sensitive,
and their integration into social networks compounds the problem.
Another important aspect related to privacy and geolocation is the unintentional disclosure
of private information. There are examples of people who have communicated their
[40] Available at: http://pleaserobme.com/
The biggest problem related to privacy and geolocation, in most cases, lies with
companies irresponsibly processing data: transferring a user’s data without his consent,
misuse of data for market research outside of the terms of privacy, infringement of users’
privacy settings.
There is a known case of a geo-social network [41] that displayed, on its website, random
information about a number of users and their last announced location. The problem was that
users were selected and announced publicly even though they had set their accounts to
private and only wanted their information to be known by their contacts. After the
mistake was made public, the geo-social network in question changed the configuration of
its privacy policy.
In the field of personal computers (desktop or notebook), the operating systems used
are Microsoft Windows, Mac OS X and GNU/Linux. They all offer the user similar
services, allowing the system to manage resources.
In operation, the operating system, as a resource management tool, becomes the central
point for managing the information stored and processed by the device. It is therefore one
of the most sensitive elements from a security standpoint.
[41] Source: White Hat Uses Foursquare Privacy Hole to Capture 875K Check-Ins, Wired, 29 June 2010. Available at:
http://www.wired.com/threatlevel/2010/06/foursquare-privacy/
In the case of non-specific viruses, the damage can range from disabling the
operating system (possible denial of service) to data theft.
In the case of specific viruses or Trojans, you can find custom-developed tools.
Trojans found in this classification include Zeus [42], which aims to create botnets,
or networks of infected computers controlled remotely to carry out joint
operations. Security research [43] has shown that the model of generating botnets
by Trojan infection can be extrapolated to smart phones, so the danger of such
attacks is not limited to personal computers.
2) Secondly, the operating system, like any software, is not free from security
flaws (“bugs”) permitting the intrusions of a hypothetical attacker.
The most dangerous security flaws in operating systems are those that allow an attacker to
operate remotely, via a communication network. In the case of portable
devices, the fact they have multiple interfaces for network communication
(telephone networks, wireless WiFi networks, Bluetooth, infrared, and so on)
increases the potential attack vectors in case of a security breach.
Allowing the installation of unsigned programs can let in malicious
software that, whether or not it impersonates an original program, infects the
operating system and the programs and applications installed on it.
[42] Available at: http://cert.inteco.es/cert/Notas_Actualidad/Aclaraciones_sobre_la_BotNet_Zeus
[43] Available at: http://www.slideshare.net/rootedcon/david-barroso-iphone-botnets-fun-rootedcon-2010
3) In the case of online services, the range of possible security flaws increases.
Some of the existing threats [45] are:
o Cross-site scripting.
o SQL injection.
o Clickjacking.
o Form tampering.
[44] The sandboxing or isolation of processes involves the separate execution of certain applications, controlling and isolating
the system resources they access.
[45] More information: http://cert.inteco.es/cert/INTECOCERT
• From the logical standpoint of the connection, there are several man-in-the-middle
attacks, which allow intervening in a communication and intercepting unencrypted
information travelling on the Web. An example of this type of attack would be the
classic ARP poisoning [46].
o In the case of physical wired networks, typical of the home and work
environment, the physical risk of interception is low.
Finally, jamming devices ("jammers") that block certain frequency bands used by mobile
technologies are sold online. Using a device of this type prevents
a device from connecting to the mobile network, forcing it to connect to a malicious
wireless network, or prevents the connection to 3G networks to force a connection
using 2.5G technologies (like GPRS and EDGE).
[46] ARP poisoning is a technique used by attackers in internal networks that is aimed at capturing the surrounding network
traffic, even when it is not addressed to the attacker's own system. More information:
http://www.inteco.es/Seguridad/Observatorio/Estudios_e_Informes/Notas_y_Articulos/articulo_envenenamiento_ARP
[47] Available at: http://cryptome.org/gsm-crack-bbk.pdf
In the case of PCs, this risk is low, although it is quite high for laptops and especially
mobile devices and smart phones.
On the other hand, the risk of unauthorised modification to the hardware must also be
considered; the consequences of which can range from it malfunctioning (possible denial
of service) to capturing passwords through physical devices (called "hardware
keyloggers").
It is recommended:
• To read carefully and understand the privacy policies of geolocation services and
geo-social networks.
• To choose carefully the group of users who can see the geolocation information
generated by applications or geo-social networks. Most social networks allow
you to configure this aspect, restricting posts to private groups.
The Spanish Constitution states, in Article 18.1, the right to honour, personal and family
privacy and self-image is guaranteed. In this respect, Organic Law 1/1982 on the Civil
Protection of the Right to Honour, personal and family privacy and self-image
states, in Article I, that the law will protect citizens against any kind of illegal interference
in accordance with such law. The Constitution also states in Article 18.3, that the secrecy
of communications is guaranteed, and Article 18.4, that the Law limits the use of
information technology to ensure the honour and personal and family privacy of citizens
and the full exercise of their rights.
Under Spanish law, the main law dedicated to ensuring compliance with Article 18.4 of the
Constitution is Organic Law 15/1999 on the Protection of Personal Data (LOPD), along
The RLOPD defines, in Article 81, three security levels, depending on the type of data
considered and their role in the individual's privacy: basic, medium and high [48].
• High: processing information related to ideology, beliefs, religion, race, sex life,
health, those obtained for police purposes without the consent of those affected
(files from the State Security Forces) and derived from acts of domestic violence.
• Basic: processing personal data. Also data on ideology, trade union membership,
religion, beliefs, health, race or sex life, when used in connection with transferring
money, are accessories to completing a transaction or refer to disability or
invalidity status (this last case concerning health data).
• In addition, the Data Protection Act, in accordance with Article 81.2 paragraph f),
also provides for the possibility of basic data being considered medium level
when, combined with other data, either directly or by implication, they
provide a definition of the characteristics or personality of citizens and allow
certain aspects of their personality or behaviour to be evaluated. This is especially
important for geo-social networks such as Foursquare, which combine geolocation information
with other private data relating to their users.
• In addition, the Data Protection Act provides an exception for the location data
which are the responsibility of operators who provide electronic communications
available to the public or who operate public electronic communications networks, in
which case, besides basic and medium-level security measures, the high-level
security measure contained in Article 103 of the regulations concerning registration
of accesses shall also apply.
[48] Information from the Data Security Guide-2010 by the Spanish Data Protection Authority, available at:
https://www.agpd.es/portalwebAGPD/canaldocumentacion/publicaciones/common/Guias/GUIA_SEGURIDAD_2010.pdf
2) The purpose of collecting data, stating the legitimate aim with absolute
sincerity.
It is important to note that, except for reasons of public safety, as provided in Article 25 of
the Data Protection Act, all citizens may exercise their rights of access (query existing
information about themselves), correction (amending incorrect data), cancellation
(removing data from a file) and opposition (preventing the inclusion of their data in a file)
regarding the data that any file stores about them.
The agency responsible for ensuring compliance with the Data Protection Act is the
Spanish Data Protection Authority (AEPD). Any files covered by the Data Protection
Act should be made known to the agency; in the case of publicly-owned files, through
publication in the Official State Gazette or the Official Journal and in the case of files in
private ownership, by the responsible party giving explicit notice to the AEPD.
Failure to attend to the rights of citizens established by law, the violation of these
rights, the lack of cooperation with the authorities and the AEPD, as well as the lack of
notice under the circumstances set forth by law, are grounds for the relevant
investigation by the AEPD, which may impose appropriate measures and sanctions under the
Data Protection Act.
Any citizen who proves the Data Protection Act has been breached may direct a complaint
to the AEPD, using the reporting model provided by this agency on its website. For more
information:
https://www.agpd.es/portalwebAGPD/canalciudadano/denunciasciudadano
The intervention of the AEPD not only takes place when a complaint is filed, but the
Agency may also act on its own, when it is considered that the rights of citizens, in relation
to privacy and data protection, have been violated. An example of this would be the
In conclusion, all citizens are covered by the Act concerning the protection of their
personal data, according to current legislation and the Constitution. Precisely because of
this, the responsible and safe use of these technologies is essential in order to enjoy their
services without compromising the intimate and personal aspect of citizens. This is also
so they can evolve and provide more functionality to the user.
[49] Source: The Data Protection Authority opens an investigation into Google, El País, May 19, 2010. Available at:
http://www.elpais.com/articulo/tecnologia/Agencia/Proteccion/Datos/abre/investigacion/Google/elpeputec/20100519elpeputec_5/Tes
Once the risks and threats associated with geolocation technologies are known, the
security settings and practices must be defined which, through their implementation, allow
the safe use of these applications.
It is recommended:
• To use original software, with a source that is known and can be certified.
It is recommended:
• To establish, within application settings, the time the geolocation functions are
allowed to be used, and who this information will be shared with.
• To take into account the data linking that certain geolocation applications establish
with social networks.
• In online applications, use a plug-in designed to prevent web attacks and being
exposed to vulnerabilities [50].
It is recommended:
• To connect to networks you trust as far as possible. It is better to use your home or
work network, before any others.
• In local networks, check that the connection to the gateway is direct and the
computer is not suffering from a man-in-the-middle attack. To do this, you can use
route-tracing tools (such as tracert in Microsoft Windows or traceroute in
GNU/Linux and Mac OS X) or consult the ARP table of IP-to-MAC correspondences.
• Never to use any open WiFi networks with an unknown origin and be suspicious of
free WiFi networks, such as those provided in bars and cafes.
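The ARP-table check recommended above, and the ARP poisoning risk described earlier, can be illustrated with the following added example (it is not part of the original INTECO guide). It parses the text printed by `arp -a` or `ip neigh` and reports when the gateway's MAC address differs from a known-good value or is also claimed by another IP address. The sample tables, addresses and function names are constructed for illustration.

```python
import re

# An IPv4 address and a MAC address (colon- or hyphen-separated) on one line.
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

# Constructed sample, Unix `arp -a` format: a healthy table.
CLEAN_SAMPLE = """\
? (192.168.1.1) at 02:00:00:aa:bb:01 [ether] on eth0
? (192.168.1.20) at 02:00:00:aa:bb:20 [ether] on eth0
? (192.168.1.7) at <incomplete> on eth0
"""

# Constructed sample, Windows `arp -a` format: the gateway entry now carries
# the same MAC as another host on the network.
SUSPECT_SAMPLE = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-aa-bb-66     dynamic
  192.168.1.66          02-00-00-aa-bb-66     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def normalize_mac(mac):
    """Lower-case, colon-separated form so both OS formats compare equal."""
    return mac.lower().replace("-", ":")


def parse_arp_table(text):
    """Return {ip: mac} for every resolved unicast entry in the table text."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # headers, incomplete or failed entries
        mac_norm = normalize_mac(mac.group(1))
        # Broadcast and multicast MACs (lowest bit of first octet set) are
        # legitimately shared between addresses, so they are ignored.
        if int(mac_norm[:2], 16) & 1:
            continue
        table[ip.group(1)] = mac_norm
    return table


def check_gateway(table, gateway_ip, baseline_mac=None):
    """Return a list of (code, detail) findings about the gateway entry."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return [("GATEWAY_MISSING", gateway_ip)]
    findings = []
    # 1) The gateway's MAC differs from the value recorded on a trusted day.
    if baseline_mac and gw_mac != normalize_mac(baseline_mac):
        findings.append(("GATEWAY_MAC_CHANGED",
                         (normalize_mac(baseline_mac), gw_mac)))
    # 2) Another IP claims the same MAC as the gateway: typical of ARP
    #    poisoning, where one host answers for the gateway's address.
    sharers = sorted(ip for ip, mac in table.items()
                     if mac == gw_mac and ip != gateway_ip)
    if sharers:
        findings.append(("GATEWAY_MAC_SHARED", sharers))
    return findings


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("suspect", SUSPECT_SAMPLE)):
        print(name, check_gateway(parse_arp_table(sample),
                                  "192.168.1.1", "02:00:00:aa:bb:01"))
```

A shared MAC address can also have a legitimate cause, such as a router that answers for several addresses, so a finding is a reason to investigate before trusting the network rather than proof of an attack.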
It is recommended:
• To install remote erasing programs, which in the event of theft or loss, and if
recovery is impossible, allow you to delete all private information on the device.
• To install programs that prevent the device from being used if you change the
installed SIM card.
[50] For example, NoScript for Mozilla Firefox. Available at: http://noscript.net/ This is available for iOS, Android and Symbian
devices.
• For laptops, use a security cable to anchor it to a fixed structure when it is used in
public places.
• Set access passwords for all devices, including desktops, laptops and mobile
devices.
• Ensure that, after activating a suspended device, it requests the access password
again or a different one.
• Use strong passwords, combining numbers, uppercase and lowercase letters, and
symbols, with a minimum length of 8 characters. In addition you must also change
passwords fairly frequently.
http://www.scribd.com/ObservaINTECO
http://twitter.com/ObservaINTECO
http://www.inteco.es/blog/Seguridad/Observatorio/BlogSeguridad/
observatorio@inteco.es
www.inteco.es
Guide to security and privacy of geolocation tools
Information Security Observatory