
Guide to security and privacy of geolocation tools



INFORMATION SECURITY OBSERVATORY
Edition: March 2011

The "Guide to security and privacy of geolocation tools" has been prepared by the Information
Security Observatory team at INTECO:

Pablo Pérez San-José (management)

Cristina Gutiérrez Borge (coordination)

Eduardo Álvarez Alonso

Susana de la Fuente Rodríguez

Laura García Pérez

The National Institute of Communication Technologies (INTECO), public cooperation
assigned to the Ministry of Industry, Trade and Tourism through the State Department for
Telecommunications and for the Information Society, is a platform for developing the Knowledge
Society through projects in the field of innovation and technology.

The mission of INTECO is to provide value and innovation to individuals, SMEs, Public
Authorities and the information technology sector through developing projects which contribute
towards increasing confidence in our country’s Information Society services, while also
promoting an international course of participation. To this end, INTECO will develop actions in
the following areas: Security Technology, Accessibility, ICT Quality and Training.

The Information Security Observatory (http://observatorio.inteco.es) falls within INTECO’s
strategic course of action concerning Technological Security, and is a national and international
icon in serving Spanish citizens, companies and authorities in order to describe, analyse, assess
and spread the Information Society’s culture of security and trust.

This publication belongs to the National Institute of Communication Technologies (INTECO) and is under a Creative
Commons Non-commercial 2.5 Spain Recognition license, and thus it is permitted to copy, distribute and communicate this
work publicly under the following conditions:
• Recognition: The contents of this report can be reproduced in whole or in part by third parties, by citing its origin
and making express reference to both INTECO and its website: www.inteco.es. This recognition may in no case
suggest that INTECO supports or endorses the third party's use of its work.
• Non-commercial use: The original material and derivative works can be distributed, copied and displayed while
their use is not commercial.
For any reuse or distribution, you must make the license terms of this work clear to others. Any of these conditions can be
waived if you get permission from INTECO as owner of the copyright. Nothing in this license impairs or restricts the moral
rights of INTECO. http://creativecommons.org/licenses/by-nc/2.5/es/
This document complies with the accessibility conditions of PDF (Portable Document Format). This is a structured and
labelled document provided with alternatives to all non-text elements, language markup and appropriate reading order.
For more information on preparing accessible PDF documents, you can consult the guide available in the Accessibility
section > Training > Manuals and Guides on the webpage http://www.inteco.es

Contents

1 INTRODUCTION
2 WHAT IS GEOLOCATION?
2.1 GENERAL ASPECTS
2.2 GEOLOCATION TERMINOLOGY
3 GEOLOCATION APPLICATIONS
3.1 ONLINE APPLICATIONS
3.2 APPLICATIONS FOR MOBILE DEVICES
4 RISKS RELATED TO GEOLOCATION
4.1 PRIVACY RISKS
4.2 SECURITY RISKS
5 PRIVACY RECOMMENDATIONS FOR USING GEOLOCATION
6 SECURITY RECOMMENDATIONS FOR USING GEOLOCATION
6.1 OPERATING SYSTEM SECURITY
6.2 GEOLOCATION SOFTWARE
6.3 COMMUNICATION NETWORK
6.4 PHYSICAL SECURITY

1 INTRODUCTION

'Geolocation' refers to the set of technologies that combine geo-referencing objects in the
real world with information obtained through an Internet connection.

It is one of the most popular manifestations of the current development of Information and
Communications Technologies (ICT), and has recently experienced a significant rise.

Illustration 1: Geo-referencing of multimedia content on a map

Mobile devices are particularly appropriate for applying geolocation technology. First,
multiple mechanisms have been developed to enable geolocating a device (either through
GPS [1] technology, WiFi wireless networks, or the actual mobile networks). Secondly, the
development of mobile broadband allows the so-called "smart phones" to connect to the
Internet.

It is also important to note the close relationship developed between geolocation
technologies and social networks, collaborative communities, and other services related to
the so-called Web 2.0. Users have the opportunity to integrate virtually any kind of
geo-referenced information on popular social networks such as Facebook [2], Twitter [3] or
Tuenti [4], as well as using new specially-designed social networks that are developed on
geolocation technology, including the popular Foursquare [5] and Gowalla [6], among others.

[1] GPS. Global Positioning System.
[2] Available at: http://www.facebook.com/places

Online geolocation applications make it possible, from any device connected to the
Internet (whether it be a mobile device, laptop, desktop, etc.), to obtain all types of
information in real time and locate it on the map with pinpoint accuracy.

Combining this technology with cloud storage systems [7] also allows information to be
automatically synchronised between heterogeneous devices.

The functionality of such applications ranges from something as simple as finding a nearby
service station, to something as complex as obtaining car navigation routes, with real-time
traffic information and automatic synchronisation of points of interest through cloud
storage, passing through such innovative applications as augmented reality.

The spread of these technologies and the demand for them, however, entails the problem of
the nature of the information associated with them, which is often private or sensitive. It
is therefore important to be especially aware of issues relating to security and privacy, in
order to be able to use geolocation tools responsibly and ensure their full enjoyment.

[3] Available at: http://twitter.com/
[4] Available at: http://sitios.tuenti.com
[5] Available at: http://foursquare.com/
[6] Available at: http://gowalla.com/
[7] The term cloud storage refers to the systems permitting users to store all their information, records and data on third-party
servers in such a way that they can be accessible from any system with Internet access.

2 WHAT IS GEOLOCATION?

2.1 GENERAL ASPECTS

The term geolocation comprises the combination of a number of technologies aimed at
using information linked to a geographic location in the real world.

Three main components associated with any geolocation process can be distinguished.

1) A hardware device to act as a platform to develop the geolocation process.
   This may be a desktop, laptop, mobile device, GPS satellite navigation receiver,
   camera, etc. Where physically locating the device acts as a key element in the
   process, the hardware device incorporates the necessary mechanisms to allow
   such locating (for example, a GPS satellite navigation receiver).

2) A software program to run the geolocation process according to its
   implementation. This software will run on the hardware device’s platform, and
   relies on this to carry out the information search, determine geographical
   locations, and associate both elements.

3) An Internet connection to act as a means of obtaining and exchanging
   information and, sometimes, as its storage and processing system (depending
   on "the cloud" model). Exceptionally, geolocation processes can be run without
   using an Internet connection (offline mode), when the necessary data have
   already been preloaded in the device’s memory.

Three main categories of common uses for geolocation technology can be
distinguished.

1) The physical location of an object or individual in a coordinate system
   (geo-referencing process) to subsequently access specific information. An example
   would be using a satellite navigation system via GPS.

2) Searching for information and its physical location in a coordinate system
   (geocoding process). An example of this would be using a mapping service to
   search for museums in a particular city.

3) Adding geographic information to generated content (geotagging process),
   usually as a later step in the geo-referencing process. An example of this would
   be creating a photograph, including the coordinates of where it was taken in its
   metadata [8].

[8] Metadata can be defined as a dataset that defines and characterises certain information associated with it.
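As an added example (not part of the INTECO guide), the Python code below shows what the geotagging case above looks like in practice: it reads the coordinates a geotagged JPEG carries in its Exif metadata and removes the Exif segment before the photo is shared. The function names and the sample file, which is built inline with made-up coordinates, are assumptions of this example; `strip_exif` drops all Exif data, not only the GPS tags.

```python
import struct

EXIF_ID = b"Exif\x00\x00"
GPS_IFD_POINTER = 0x8825  # IFD0 tag holding the offset of the GPS IFD
# TIFF type id -> (struct code, size in bytes); only the types needed here
TYPES = {1: ("B", 1), 2: ("c", 1), 3: ("H", 2), 4: ("I", 4), 5: ("II", 8)}


def exif_segments(jpeg):
    """Yield (start, end) of every Exif APP1 segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xDA, 0xD9):
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        if length < 2 or pos + 2 + length > len(jpeg):
            return  # truncated or malformed segment: stop walking
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == EXIF_ID:
            yield pos, pos + 2 + length
        pos += 2 + length


def read_ifd(tiff, offset, bo):
    """Parse one TIFF IFD into {tag: tuple of values}, skipping bad entries."""
    entries = {}
    if offset + 2 > len(tiff):
        return entries
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    for i in range(count):
        base = offset + 2 + 12 * i
        if base + 12 > len(tiff):
            break
        tag, typ, n = struct.unpack_from(bo + "HHI", tiff, base)
        if typ not in TYPES:
            continue
        code, size = TYPES[typ]
        start = base + 8  # values of 4 bytes or less are stored inline
        if size * n > 4:
            (start,) = struct.unpack_from(bo + "I", tiff, start)
        if start + size * n <= len(tiff):
            entries[tag] = struct.unpack_from(bo + code * n, tiff, start)
    return entries


def to_decimal(dms, ref):
    """Convert (deg, min, sec) rationals plus an N/S/E/W ref to signed degrees."""
    d, m, s = (dms[i] / dms[i + 1] for i in (0, 2, 4))
    return (-1 if ref[0] in (b"S", b"W") else 1) * (d + m / 60 + s / 3600)


def gps_position(jpeg):
    """Return (latitude, longitude) embedded in the photo, or None."""
    for start, end in exif_segments(jpeg):
        tiff = jpeg[start + 10:end]
        bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if bo is None or len(tiff) < 8:
            continue
        magic, ifd0 = struct.unpack_from(bo + "HI", tiff, 2)
        pointer = read_ifd(tiff, ifd0, bo).get(GPS_IFD_POINTER) if magic == 42 else None
        if not pointer:
            continue
        gps = read_ifd(tiff, pointer[0], bo)
        try:  # tags 1-4: LatitudeRef, Latitude, LongitudeRef, Longitude
            return to_decimal(gps[2], gps[1]), to_decimal(gps[4], gps[3])
        except (KeyError, IndexError, ZeroDivisionError):
            continue
    return None


def strip_exif(jpeg):
    """Return a copy with every Exif segment removed (all Exif, not only GPS)."""
    out = bytearray(jpeg)
    for start, end in reversed(list(exif_segments(jpeg))):
        del out[start:end]
    return bytes(out)


def build_sample():
    """Constructed input: a JPEG shell (no pixels) geotagged 40°25'N, 3°42'W."""
    u32 = lambda v: struct.pack("<I", v)
    entry = lambda tag, typ, n, value: struct.pack("<HHI", tag, typ, n) + value
    ifd0 = struct.pack("<H", 1) + entry(GPS_IFD_POINTER, 4, 1, u32(26)) + u32(0)
    gps = (struct.pack("<H", 4)
           + entry(1, 2, 2, b"N\0\0\0") + entry(2, 5, 3, u32(80))
           + entry(3, 2, 2, b"W\0\0\0") + entry(4, 5, 3, u32(104)) + u32(0))
    values = struct.pack("<12I", 40, 1, 25, 1, 0, 1, 3, 1, 42, 1, 0, 1)
    body = EXIF_ID + b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + values
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"


if __name__ == "__main__":
    photo = build_sample()
    print("before sharing:", gps_position(photo))
    print("after strip_exif:", gps_position(strip_exif(photo)))
```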

Given the importance of the geo-referencing process, and because it plays an important
role in the vast majority of geolocation applications, sometimes both terms are used
interchangeably.

The most relevant geo-referencing technologies are as follows.

1) GPS. Through using the GPS satellite network, it is possible to geo-reference a
   device with an accuracy of between 1 and 15 metres (about 3 metres in 95% of
   cases). A GPS receiver is required, as the satellites only broadcast the signal,
   with it being impossible to locate a particular receiver from the GPS network.

2) WiFi networks. Using enormous databases, these can geo-reference a
   device with accuracy proportional to the range of a WiFi network (typically
   between 30 and 100 metres). How well this system works depends on the service
   coverage in the geographical area, as well as on whether its databases are
   kept up to date. In addition, looking up these databases involves sending
   geolocation information to them.

3) Mobile networks. All terminals connected to a mobile phone and/or data
   network may be geo-referenced with an accuracy that directly depends on the
   radio coverage of the device (between 50 and 500 metres in urban areas).

4) IP Address. The most inaccurate method uses databases mapping IP
   addresses to suppliers and their geographical distribution. In practice it is not a
   valid locating mechanism to establish geo-referencing, except on very specific
   occasions where accuracy is not an important factor.

Practical applications of geolocation technologies are extremely varied and, being a
relatively new and emerging environment, the future possibilities are very promising.

• On a personal level, there are many leisure-related applications, ranging from
  social networks (traditional such as Facebook, or specific such as Foursquare) to
  utilities (GPS satellite navigation, plotting routes on maps, hiking, etc.)

• On a professional and business level, there are applications ranging from
  security (locating wrecked vehicles, applying geo-referencing to car
  insurance for novice drivers, locating stolen vehicles, etc.) to market research
  (for example, through statistics generated by social networks such as
  Foursquare).

2.2 GEOLOCATION TERMINOLOGY

• Latitude and longitude. Coordinates that measure the angle between any point
  and its reference (the equator for latitude, the Greenwich meridian for longitude).
  In practice, combining both angles allows you to express any position on the
  Earth's surface.

• Geo-referencing. Process of defining an object in a physical space, by calculating
  its location in a coordinate system. It is most commonly used to locate physical
  objects (people, places, etc.) in geographical coordinates.

• Geocoding. Process of assigning geographic coordinates (typically latitude and
  longitude) to a point on the map (locations, addresses, etc.) This allows this point
  to be located in a geographical information system.

• Reverse geocoding. The reverse of the geocoding process, consisting of obtaining,
  from a geographic coordinate, a human-readable location (address, place
  names, etc.)

• Geotagging. Process of adding geographic information to a file's metadata
  (usually image, audio or video), so as to allow subsequent geo-referencing.

• Geomatics. Set of knowledge domains aimed at capturing, processing, storing,
  and disseminating geographic information. Geolocation technology falls under
  Geomatics.

• GPS. Global Positioning System. Global satellite navigation system enabling
  objects to be geo-referenced on the Earth's surface with great accuracy (metres,
  centimetres for differential systems). It operates based on a constellation of 32
  satellites in average geosynchronous orbit, maintained and operated by the United
  States Defence Department.

• A-GPS. Assisted GPS. Improved GPS system, drawing on Support Servers (for
  online mode) or preloaded information (for offline mode), which can accelerate the
  process of connecting to satellites as well as improve the geo-referencing process
  when the signal is weak.

• Triangulation. Geometric method based on triangle trigonometry that, by using
  the position of several known points as a reference, is able to accurately determine
  the position of another unknown point. Specifically, in the case of the GPS system,
  three satellites are required to determine the position of a receiver, although in
  practice a fourth one is used to correct accuracy errors.

3 GEOLOCATION APPLICATIONS

Within the set of applications that make use of geolocation technology, two main groups
can be distinguished, depending on user interaction with the application:

• Online applications, usually Web applications used from any device. The user
  requests a location and the application responds with existing information on the
  Internet.

• Applications designed specifically for use on mobile devices. In these cases,
  the location of the mobile device is used as an input to the system when
  calculating the required information.

Both sets of applications are discussed below, broken down into categories according to
their scope with some illustrative examples being presented.

3.1 ONLINE APPLICATIONS

The term "online application" is understood as one which can be used with an Internet
connection. These web services are typically accessible via a standard Web browser,
although they are sometimes offered as a standalone application that must be installed on
the host operating system.

By using geolocation technology, these applications interrelate existing information on the
Internet, with that provided by the user. Typically, these applications do not perform
geo-referencing processes but work by drawing on existing information and providing
geocoding and reverse geocoding services.

3.1.1 Maps
This encompasses applications designed for seeking information on maps.

Typical services of such applications include information search and reverse geocoding,
consultation of various types of maps (geographical, physical or street maps), route
calculation (on foot or using vehicles) or creating customised maps.

Illustration 2: Google Maps mapping application

Usually, using these services involves associating a user account, allowing you to store
information like points of interest, custom maps, etc.

Some examples of map applications are the following:

• Google Maps [9]. Possibly the most widely-used mapping service. It is owned by
  Google and integrates other features of the company and information from
  various services through the use of additional layers of Google Labs [10].

• Google Earth [11]. This is a Google-owned Geographic Information System (GIS),
  which combines functionality from different services with 3D recreations of the
  surface of the Earth, the Moon and even Mars.

• Bing Maps [12]. Microsoft’s counterpart to the Google Maps service. This offers
  similar features and equivalent technologies to most of those integrated by
  Google.

[9] Available at: http://maps.google.es/maps?hl=es&tab=wl
[10] Available at: http://www.googlelabs.com/

3.1.2 Images and geotagging


This suite of geolocation applications uses images as a means of transmitting information.
The images are captured and geotagged by some kind of mobile device to be
subsequently included in a database allowing searching and geocoding as an online
service.

Some examples of image and geotagging applications are as follows:

• Google Street View [13]. Google Maps and Google Earth feature, which allows
  panoramic street viewing in these services. In September 2010, it included
  pictures of 30 different countries, some of them, such as Spain, with almost
  complete coverage.

• Street Slide. Bing Maps feature similar to Google Street View. In October 2010, its
  coverage was limited to areas of the United States and Canada.

• Panoramio [14]. Service for sharing photographs taken, geotagged and
  geo-referenced by users. This belongs to Google.

• Flickr Maps [15]. Service that makes searching geotagged photos possible. In
  October 2010, the service had over 122 million photographs.

3.1.3 Social networks


Geolocation applications related to social networks are included in this group, most of
which are presented as additions to traditional social networks, and can integrate
geo-referencing tools using mobile devices.

However, there are examples of geolocated social networks aimed at the online
environment, and not confined only to mobile devices:

• Dopplr [16]. Social network aimed at organising trips, tours and meeting points.
  Enables leisure or business trips to be defined, as well as sharing this information,
  receiving notices on stays, and receiving advice from other users.

• Plazes [17]. Social network designed to share the location and activity of its users.

• Fire Eagle [18]. Yahoo!-owned social network used for storing locations of its users.

[11] Available at: http://earth.google.es/
[12] Available at: http://www.bing.com/maps/
[13] Available at: http://maps.google.com/intl/es/help/maps/streetview/
[14] Available at: http://www.panoramio.com/
[15] Available at: http://www.flickr.com/map/

3.2 APPLICATIONS FOR MOBILE DEVICES

Most geolocation applications fall within the scope of mobile technologies. The market
penetration of so-called "smart phones" and the expansion of wireless broadband
technologies have helped the growth of such applications and user communities using
and supporting them.

According to data collected in March 2010 [19], the proportion of intelligent terminals in
Spain was 28.3%, and the proportion of 3G handsets, at 53%, was the highest among the main
European countries (UK, France, Italy and Germany).

The following operating systems can be found within the smart phone market, ordered by
market share [20]: Symbian OS (41.2%), BlackBerry with RIM OS (18.2%), Google's Android
(17.2%), Apple's iOS (14.2%), Microsoft's Windows Mobile (5.0%), Linux (2.4%) and
others (1.8%).

Geolocation applications for mobile devices typically tend to use the geo-referencing of
the device itself, either to geotag media content, or carry out geocoding and reverse
geocoding processes.

3.2.1 Maps
This encompasses applications designed for seeking information on maps. The user’s
geographical location is used as an important element in the process of finding
information. It is also common for these applications to be integrated with an online
service (and even desktop applications), allowing cloud data synchronisation.

Some examples of map applications for mobile devices are as follows:

• Google Maps [21]. Available for Android, Blackberry, iOS, Symbian and Windows
  Mobile systems (although the features differ). This application integrates the
  Google Maps service and the majority of its features in the Mobile Device.

Illustration 3: Google Maps 4.5.1 in Android 2.2

• Google Earth. Available for some Android and iPhone systems. This application
  integrates the Google Earth service and some of the features present in the
  desktop application.

• MyTracks [22] (Android), Map My Tracks [23] (iPhone, Symbian, Blackberry, Windows
  Mobile). Applications that allow geolocated routes to be recorded as well as
  integrating them into other services and social networks.

[16] Available at: http://www.dopplr.com/
[17] Available at: http://plazes.com/
[18] Available at: http://fireeagle.yahoo.net/
[19] Report: UK Leads European Countries in Smartphone Adoption with 70% Growth in Past 12 Months, published by
comScore. Available at: http://www.comscore.com/Press_Events/Press_Releases
[20] Source: Competitive Landscape: Mobile Devices, Worldwide, 2Q10. Available at:
http://www.gartner.com/it/page.jsp?id=1421013
[21] Available at: http://www.google.es/mobile/maps/

3.2.2 GPS navigation


This includes applications designed for navigating step-by-step, on foot or in a vehicle, by
making use of a GPS device. This is mainly used in cars.

Some examples of GPS satellite navigation applications for mobile devices are as follows:

• Tom Tom Navigator [24]. Possibly the most widespread and widely used GPS. It
  operates on its own hardware platform (embedded devices) as well as
  in iOS, Windows Mobile and Symbian (discontinued
  version). It supports multiple languages, maps for
  different geographic areas, points of interest, and
  real-time traffic information (with subscription).

• Google Maps Navigator [25]. Google GPS navigator integrated with the maps and
  functionality of the Google Maps service, which provides real-time traffic
  information. This requires a data connection to use maps, and in October 2010 it
  was only available for Android.

• CoPilot Live [26]. GPS navigation system that operates on its own hardware
  platform, and is also compatible with iOS, Android and Windows Mobile.

• Nokia OviMapas [27]. Nokia GPS navigator, compatible only with some devices that
  the Finnish manufacturer has released with the Symbian operating system.

• Waze [28]. GPS Navigation System with collaborative information on traffic
  conditions and incidents on the road. This is available for iOS, Android, Windows
  Mobile and Symbian.

[22] Available at: http://mytracks.appspot.com/
[23] Available at: http://www.mapmytracks.com/
[24] Available at: http://www.tomtom.com/
[25] Available at: http://www.google.es/intl/es_ALL/mobile/navigation/

3.2.3 Social networks


This group includes those applications that have the main purpose of integrating
information in social networks, either traditional (such as Facebook or Twitter) or specific
for mobile applications. These applications are the most-widely present within the field of
geolocation in mobile devices.

Examples include:

• Facebook Places [29]. Application from the Facebook social network that, by making
  use of the geo-referencing of mobile devices, can share the user's position with his
  friends.

• Twitter Places [30]. Functionality from the Twitter social network allowing users,
  through geo-referencing or an explicit specification, to define the exact location
  associated with a particular message. Includes integration with Foursquare and
  Gowalla social networks.

• Foursquare [31]. Geo-social network based on geo-referencing its users, who
  "check in" at various places. With this information you can participate in social
  games, promotions and special events. Its application is available for iOS, Android,
  Blackberry, Windows Phone 7 and webOS.

• Google Latitude [32]. Geolocation service for Google mobile devices. This service is
  integrated with most Google services, and compatible with Android, iOS,
  Blackberry, Windows Mobile and Symbian.

• Gowalla [33]. Geo-social network based on geo-referencing users with a basic
  operation that is very similar to Foursquare. This is available for Android, iOS,
  webOS and BlackBerry, as well as through its website.

[26] Available at: http://www.alk.com/copilot/
[27] Available at: http://www.nokia.es/ovi/mapas
[28] Available at: http://world.waze.com/
[29] Available at: http://www.facebook.com/places/
[30] Available at: http://support.twitter.com/entries/194473-twitter-places-and-how-to-use-them
[31] Available at: http://foursquare.com/

3.2.4 Points of interest


This group includes applications that allow users to locate places of interest nearby
(restaurants and shops, etc.) from their geographical location.

Some examples of points of interest applications for mobile devices are as follows:

• Bliquo [34]. A service that is defined as an "urban entertainment seeker" that can
  consult specialised directories of restaurants, bars, clubs, etc. This incorporates a
  social component to enable creating and viewing comments and ratings. This is
  available for iOS and Android.

• AroundMe [35]. A points of interest search service for iOS.

• Buzzd [36]. Geosocial search network of points of interest.
  This is available for Android, iOS, BlackBerry, as well as a
  social network service through its website.

• Google Places Directory [37]. A points of interest search
  service for Google. Allows it to be integrated in Google
  Maps, as well as defining custom categories. This is
  available for Android.

Illustration 4: Google Places Directory 1.0.24 in Android 2.2

3.2.5 Augmented reality


This group includes applications that, by using geo-referencing as well as other detection
technologies (motion and orientation sensors, compass, etc.), allow users to enrich the
real world view, combined with virtual information extracted from the Internet.

[32] Available at: http://m.google.com/latitude
[33] Available at: http://gowalla.com/
[34] Available at: http://www.bliquo.es/
[35] Available at: http://www.tweakersoft.com/mobile/aroundme.html
[36] Available at: http://www.buzzd.com/
[37] Available at: http://sites.google.com/site/placesdirectory/

Geo-referencing makes it possible to determine the user's position, and the guidance
sensors make it possible to determine where the user is looking. The application captures
the image of the real world through the camera and adds on the screen the
information obtained through the Internet.

Illustration 5: Augmented reality with Layar 4.0.1 in Android 2.2

Some examples of augmented reality applications for mobile devices are as follows:

• Layar [38]. This application works by loading "layers" of information from the Internet,
  ranging from public transport to social games, and even information via Wikipedia,
  etc. It is available for iOS and Android terminals, and a Symbian version is
  currently under development.

• Wikitude [39]. Augmented reality Explorer focused especially on the field of tourism,
  including travel guides and step by step navigation. This is available for iOS,
  Android and Symbian devices.

[38] Available at: http://www.layar.com/
[39] Available at: http://www.wikitude.org/

4 RISKS RELATED TO GEOLOCATION

The nature of the data handled by geolocation applications concerning the geo-referenced
location of users means applications are considered as being particularly sensitive from a
security standpoint.

On the other hand, the fact that this information is sometimes integrated in social networks
increases the potential consequences of associated security and privacy flaws, as the
geolocation information is combined with all kinds of personal data. In this respect, sites
such as Please Rob Me [40] try - humorously in this case - to raise awareness about the
importance of safety in geolocation applications. The risks to citizens when transmitting
sensitive information relating to their geo-referencing are not limited to theft of information
or data through the Internet, but may even pose a threat to their physical and personal
safety.

The main features present in the whole geolocation process are described below to
analyse the associated risks and threats independently.

4.1 PRIVACY RISKS

Perhaps the most important aspect related to the risk of geolocation applications is that of
privacy. The nature of the data used for geolocation applications is particularly sensitive,
and their integration into social networks compounds the problem.

Thus, it is dangerous that there is no restriction on the scope
in which the data will be available. The fact that anyone can
find out the location of a citizen carries risks ranging from data
theft, robbery or physical theft, to aggression against him.

Also, the fact that the user’s location can be ascertained at
any time can lead to the creation of a profile of the person,
which may be used without permission in market research, sending
advertising, etc.

You should also be aware of the risk posed by social
engineering in the case of geo-social networks. A user could
impersonate another person or make friends or contact with some excuse, hiding a
malicious interest.

Another important aspect related to privacy and geolocation is the unintentional disclosure
of private information. There are examples of people who have communicated their
position through geo-social networks, and have subsequently come across problems
when that information is made known in their professional or personal circle.

[40] Available at: http://pleaserobme.com/

The biggest problem related to privacy and geolocation, in most cases, lies with
companies irresponsibly processing data: transferring a user’s data without his consent,
misuse of data for market research outside of the terms of privacy, infringement of users’
privacy settings.

There is a known case of a geo-social network [41] that displayed on its website random
information about a number of users and their last announced location. The problem was that
users were selected and announced publicly, even though they had set up their own account
privately, and only wanted their information to be known by their contacts. After the
mistake was made public, the geo-social network in question changed the configuration of
its privacy policy.

4.2 SECURITY RISKS

4.2.1 Risks to operating system security


To carry out its functions, any device runs a special type of software that manages system
resources. This software is known as the "operating system", and plays a key role in
security.

In the field of personal computers (desktop or notebook), the operating systems used
are Microsoft Windows, Mac OS X and GNU/Linux. They all offer the user similar
services, allowing the system to manage resources.

In the field of mobile devices, and ignoring embedded systems (such as GPS navigation
devices), the most-used operating systems are Google's Android, Apple’s iOS, Microsoft’s
Windows Mobile and Windows Phone, Symbian Foundation’s Symbian OS, RIM’s BlackBerry and
Palm’s webOS. Again, they all offer the user similar services and allow access to system
resources.

In operation, the operating system, as the resource management tool, becomes the central
point for managing the information stored and processed by the device. It is therefore one
of the most sensitive elements from a security standpoint.

41
Source: White Hat Uses Foursquare Privacy Hole to Capture 875K Check-Ins, Wired, 29 June 2010. Available at:
http://www.wired.com/threatlevel/2010/06/foursquare-privacy/

1) One of the most obvious threats is malicious code or malware, which usually
takes the form of viruses, trojans and spyware. Such programs infect the host
operating system in order to damage the system or the information contained in
it.

In the case of non-specific viruses, the damage can range from disabling the
operating system (possible denial of service) to data theft.

In the case of specific viruses or Trojans, you can find custom-developed tools.
Trojans found in this classification include Zeus 42 , which aims to create botnets,
or networks of infected computers controlled remotely to carry out joint
operations. Security research 43 has shown that the model of generating botnets
by Trojan infection can be extrapolated to smartphones, so the danger of such
attacks is not limited to personal computers.

2) Secondly, the operating system, like any software, is not free from security
flaws (“bugs”) that permit intrusion by a hypothetical attacker.

The most dangerous security flaws in operating systems are those that can be
exploited remotely, over a communication network. In the case of portable
devices, the fact that they have multiple interfaces for network communication
(telephone networks, wireless WiFi networks, Bluetooth, infrared, and so on)
increases the potential attack vectors in case of a security breach.

3) In addition, in the case of smartphones and portable devices, unauthorised
modification of the operating system is common, in order to access functions that
are blocked by the manufacturer. Examples of such modifications are jailbreaking
on iOS devices and rooting on Android devices.

Because these modifications enable the installation of unsigned programs, malicious
software, whether or not it impersonates an original program, can enter and infect
the operating system and the programs and applications installed on it.

4.2.2 Risks associated with geolocation software


All geolocation software, just like the operating system, is susceptible to security
flaws. Even when the operating system is working correctly and is free of flaws (in
an ideal situation), a flaw in the software loaded to manage the geolocation process could
entail a potential attack vector, with it even being possible for the flaw to reach the actual
operating system.

42
Available at: http://cert.inteco.es/cert/Notas_Actualidad/Aclaraciones_sobre_la_BotNet_Zeus
43
Available at: http://www.slideshare.net/rootedcon/david-barroso-iphone-botnets-fun-rootedcon-2010

1) In the case of specific applications, the seriousness of these security flaws is
directly proportional to the level of user privileges with which the application runs,
so the possible damage to the operating system can be limited in this way.

2) In the specific case of mobile devices, these usually work on a sandboxing 44
system, whereby virtual machines allow the environment of the application being
run to be isolated.

Nevertheless, in the event of a flaw in these features, the information managed
by the application itself will always be compromised, which may cause privacy
flaws.

3) In the case of online services, the range of possible security flaws increases.
Some of the existing threats 45 are:

o Cross-site scripting.

o Cross-site request forgery.

o SQL injection.

o Clickjacking.

o Form tampering.

4.2.3 Risks in network communication


Leaving aside the fact that an Internet connection entails a possible attack vector, the
main problem associated with an Internet connection is eavesdropping.

Due to the Internet’s actual architecture, the information in its path between the
communication source and destination travels through an undetermined number of machines.
Thus, any communication that is not protected by cryptographic methods is liable to be
intercepted by unauthorised persons.

For specific geolocation applications (both mobile and desktop), it is not always possible
to know the communication mechanisms used, or whether they operate on a secure connection,
encrypted or not.

44
The sandboxing or isolation of processes involves the separate execution of certain applications, controlling and isolating
the system resources they access.
45
More information: http://cert.inteco.es/cert/INTECOCERT

In addition, the security factor of the interconnection network itself is noteworthy.

• From the logical standpoint of the connection, there are several man-in-the-middle
attacks, which allow an attacker to intervene in a communication and intercept unencrypted
information travelling on the Web. An example of this type of attack would be the
classic ARP poisoning 46 .

• From the physical point of view, the possible interception of communication
depends heavily on the type of network used.

o In the case of physical wired networks, typical of the home and work
environment, the physical risk of interception is low.

o This risk increases dramatically in the case of wireless networks, as they
are openly exposed to the network’s physical environment.

o In the case of open networks (without a password), there is no physical
protection, and data are therefore exposed. By contrast, where encryption
algorithms such as WPA and WPA2 are used, the physical protection increases,
provided the algorithms are robust. However, it is not infallible, as the
effectiveness of the algorithm is also linked to the type of password used
as a protection key.

o In the case of mobile networks the situation is similar. Third generation
mobile networks (3G) are considered fairly robust in terms of the safety of
their encryption algorithms and protection. On the other hand, the security
of second generation networks (2G and 2.5G) has been challenged in
several studies 47 , and they are no longer considered safe.

Finally, jamming devices ("jammers"), which prevent the use of certain frequency bands used
by mobile technologies, can be purchased online. A device of this type can prevent a device
from connecting to the mobile network, forcing it to connect to a malicious wireless
network, or prevent the connection to 3G networks to force a connection using 2.5G
technologies (like GPRS and EDGE).

46
ARP poisoning is a technique used by attackers in internal networks that is aimed at getting the surrounding network
traffic, even if this is not going to the attacker's own system. More information:
http://www.inteco.es/Seguridad/Observatorio/Estudios_e_Informes/Notas_y_Articulos/articulo_envenenamiento_ARP
47
Available at: http://cryptome.org/gsm-crack-bbk.pdf

4.2.4 Physical security risks

Physical security is defined as that which is related to hardware devices, in this case
those in which a geolocation process occurs. The most obvious risk is the loss or theft of a
hardware device, in which personal data could be stored, as well as passwords for access
to geolocation services, etc.

In the case of PCs, this risk is low, although it is quite high for laptops and especially
for mobile devices and smartphones.

On the other hand, the risk of unauthorised modification to the hardware must also be
considered; the consequences of which can range from it malfunctioning (possible denial
of service) to capturing passwords through physical devices (called “hardware
keyloggers”).

5. PRIVACY RECOMMENDATIONS FOR USING GEOLOCATION

It is recommended:

• To read carefully and understand the privacy policies of geolocation services and
geo-social networks.

• In general, to restrict the information that is publicly available as much as possible.

• To be cautious, as a general rule, of anyone you don't know.

• To adapt the level of detail of geo-referenced posts. For example, in a
tourism-oriented network it may be sufficient to announce the city you are staying
in, with it being unnecessary to also announce the particular hotel.

• To carefully choose the group of users who can see the geolocation information
generated by applications or geo-social networks. Most social networks allow
you to configure this aspect, restricting posts to private groups.

• To correctly configure links between geo-referencing applications and social
networks, avoiding sending indiscriminate information at all costs.

• Not to provide information from which the place where a user is at any given time
could be deduced. In order to do this, you should avoid announcing movement patterns
(e.g. to your working environment) and holiday periods.
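The recommendations to adapt the accuracy of posts and to choose the audience can be combined in software by snapping a position to a grid cell before it is shared. The following is an added example, not part of the original guide; the audience names, the cell sizes and the sample coordinates are assumptions made for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000   # mean Earth radius
KM_PER_DEG_LAT = 111.32      # approximate length of one degree of latitude

# Hypothetical policy: the wider the audience, the coarser the published position.
CELL_KM_BY_AUDIENCE = {"private_group": 1.0, "contacts": 10.0, "public": 50.0}


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres, used to measure how far a post was moved."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dl = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def coarsen(lat, lon, cell_km):
    """Snap a position to the centre of a grid cell roughly cell_km wide.

    Every venue inside the same cell publishes the same coordinates, so a
    post reveals the area (for example the city) but not the hotel.
    """
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        raise ValueError("coordinates out of range")
    lat_step = cell_km / KM_PER_DEG_LAT
    snapped_lat = (math.floor(lat / lat_step) + 0.5) * lat_step
    snapped_lat = max(-90.0, min(90.0, snapped_lat))
    # A degree of longitude shrinks with cos(latitude); widen the step so the
    # cell stays about cell_km wide instead of getting narrower towards the poles.
    cos_lat = max(math.cos(math.radians(snapped_lat)), 0.01)
    lon_step = lat_step / cos_lat
    snapped_lon = (math.floor(lon / lon_step) + 0.5) * lon_step
    snapped_lon = max(-180.0, min(180.0, snapped_lon))
    return round(snapped_lat, 5), round(snapped_lon, 5)


def position_for(lat, lon, audience):
    """Position to publish for an audience; unknown audiences get the coarsest cell."""
    cell_km = CELL_KM_BY_AUDIENCE.get(audience, max(CELL_KM_BY_AUDIENCE.values()))
    return coarsen(lat, lon, cell_km)


if __name__ == "__main__":
    hotel = (40.41690, -3.70350)  # constructed sample position
    for audience in CELL_KM_BY_AUDIENCE:
        shared = position_for(*hotel, audience)
        print(audience, shared, round(haversine_m(*hotel, *shared)), "m from the real position")
```

Coarsening a single post does not hide a pattern: repeated posts from the same cell at the same hours still reveal a routine, which is why the last recommendation above stands on its own.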

In the geolocation field, the relevant legal framework covers various aspects of personal
data privacy.

The Spanish Constitution states, in Article 18.1, that the right to honour, personal and
family privacy and self-image is guaranteed. In this respect, Organic Law 1/1982 on the Civil
Protection of the Right to Honour, personal and family privacy and self-image
states, in Article I, that the law will protect citizens against any kind of illegal interference
in accordance with such law. The Constitution also states, in Article 18.3, that the secrecy
of communications is guaranteed, and, in Article 18.4, that the Law limits the use of
information technology to ensure the honour and personal and family privacy of citizens
and the full exercise of their rights.

Under Spanish law, the main law dedicated to ensuring compliance with Article 18.4 of the
Constitution is Organic Law 15/1999 on the Protection of Personal Data (LOPD), along
with Royal Decree 1720/2007 on the development of Organic Law on Data Protection
(RLOPD).

The RLOPD defines, in Article 81, three security levels, depending on the type of data
considered and their role in the individual's privacy: basic, medium and high 48 .

• High: processing information related to ideology, beliefs, religion, race, sex life,
health, those obtained for police purposes without the consent of those affected
(files from the State Security Forces) and derived from acts of domestic violence.

• Medium: processing data concerning information of an employment, tax, financial,
credit, criminal and administrative offence nature, which provide a definition of
personality and data belonging to electronic communications operators, with
regard to traffic and location data.

• Basic: processing personal data. Also data on ideology, trade union membership,
religion, beliefs, health, race or sex life, when used in connection with transferring
money, are accessories to completing a transaction or refer to disability or
invalidity status (this last case concerning health data).

Based on this classification, in the specific case of using geolocation services, it is
noteworthy that:

• Generally, geolocation data, provided such data relate to an identified or
identifiable person, will be deemed basic data.

• In addition, the Data Protection Act, in accordance with Article 81.2 paragraph f),
also provides for the possibility of basic data being considered medium level
when, through being combined with other data, they provide, either directly or by
implication, a definition of the characteristics or personality of citizens and allow
certain aspects of their personality or behaviour to be evaluated. This is especially
important for geo-social networks such as Foursquare, which combine geolocation
information with other private data relating to their users.

• In addition, the Data Protection Act provides an exception for the location data
which are the responsibility of operators that provide electronic communications
services available to the public or operate public electronic communications networks,
in which case, besides basic and medium-level security measures, the high-level
security measure contained in Article 103 of the regulations concerning registration
of accesses shall also apply.

48
Information from the Data Security Guide-2010 by the Spanish Data Protection Authority, available at:
https://www.agpd.es/portalwebAGPD/canaldocumentacion/publicaciones/common/Guias/GUIA_SEGURIDAD_2010.pdf

For any geolocation application or service that makes use of their data, every citizen must
be informed accurately, in advance and clearly on the following aspects:

1) The existence of a file or data processing process.

2) The purpose of collecting data, stating the legitimate aim with absolute
sincerity.

3) Compulsory or optional nature of the questions asked.

4) Consequences of refusing to provide certain data.

5) The possibility of exercising rights of Access, Rectification, Cancellation and
Opposition, as defined in Title III of the Data Protection Act.

6) Identity and address of the company responsible for data processing.

It is important to note that, except for reasons of public safety, as provided in Article 25 of
the Data Protection Act, all citizens may exercise their rights of access (query existing
information about themselves), correction (amending incorrect data), cancellation
(removing data from a file) and opposition (preventing the inclusion of their data in a file)
with respect to the data that any file stores about them.

The agency responsible for ensuring compliance with the Data Protection Act is the
Spanish Data Protection Authority (AEPD). Any files subject to the Data Protection
Act should be made known to the agency; in the case of publicly-owned files, through
publication in the Official State Gazette or the Official Journal and, in the case of files in
private ownership, by the responsible party giving explicit notice to the AEPD.

The lack of attention to the rights of citizens established by law, the violation of these
rights, the lack of cooperation with the authorities and the AEPD, as well as the lack of
notice under the circumstances set forth by law, are causes that lead to the relevant
investigation by the AEPD, which may impose appropriate measures and sanctions under the
Data Protection Act.

Any citizen who proves the Data Protection Act has been breached may direct a complaint
to the AEPD, using the reporting model provided by this agency on its website. For more
information:

https://www.agpd.es/portalwebAGPD/canalciudadano/denunciasciudadano

The intervention of the AEPD not only takes place when a complaint is filed, but the
Agency may also act on its own, when it is considered that the rights of citizens, in relation
to privacy and data protection, have been violated. An example of this would be the
investigation opened in 2010 into Google 49 , due to capturing information in unprotected
Wi-Fi networks through its fleet of vehicles to take pictures for Google Street View.

In conclusion, all citizens are covered by the Act concerning the protection of their
personal data, according to current legislation and the Constitution. Precisely because of
this, the responsible and safe use of these technologies is essential in order to enjoy their
services without compromising the intimate and personal aspect of citizens. This is also
so they can evolve and provide more functionality to the user.

49
Source: The Data Protection Authority opens an investigation into Google, El País, May 19, 2010. Available at:
http://www.elpais.com/articulo/tecnologia/Agencia/Proteccion/Datos/abre/investigacion/Google/elpeputec/20100519elpeputec_5/Tes

6. SECURITY RECOMMENDATIONS FOR USING GEOLOCATION

Once the risks and threats associated with geolocation technologies are known, the
security settings and practices must be defined which, through their implementation, allow
the safe use of these applications.

6.1 OPERATING SYSTEM SECURITY

It is recommended:

• To always keep your operating system and installed programs updated, by
applying periodic updates supplied by the manufacturer.

• To use, when available and necessary, a firewall Internet protection system to
protect your system from dangerous connections.

• To use, when available and necessary, an antivirus system. The database
containing the virus definitions, as well as the software itself, should always be
kept updated.

• To use original software, with a source that is known and can be certified.

• To avoid unauthorised software or hardware modifications, as they can cause
security problems that are not covered by the manufacturer.

• To use user IDs with low privileges on the system, reserving the use of privileged
user IDs (administrator, root) for the times when it is strictly necessary.

• On mobile devices, to configure the location options appropriately in consideration
of the needs of the application to be used. Not all applications require the precision
of GPS, and it is not always appropriate for geo-referencing to be enabled through
WiFi networks.

Illustration 6: Security and location setting in Android 2.2

6.2 GEOLOCATION SOFTWARE

It is recommended:

• To only use trusted applications, obtained through appropriate distribution channels.
These include the official websites of the projects and the application stores.

• To always keep geolocation applications updated.

• To consider the permissions that an application requests for it to be installed on
the system. It makes no sense, for example, for a game to request access to
geo-referencing hardware and the communications network, as it could be software
designed to spy on the user.

Illustration 7: Permission request upon installation

• To monitor any changes in required system permissions on application upgrades.

• To establish, within application settings, the time the geolocation functions are
allowed to be used, and who this information will be shared with.

Illustration 8: Location sharing setting

• To take into account the data linking that certain geolocation applications establish
with social networks.

• For online applications, to use an updated web browser, and to keep all its
add-ons and plug-ins updated.

• In online applications, to use a plug-in designed to prevent web attacks and
exposure to vulnerabilities 50 .
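The two permission recommendations above (reviewing what an application requests, and watching for changes on upgrade) can be checked mechanically on Android. The following is an added example, not part of the original guide: it assumes the AndroidManifest.xml of each version has already been decoded to text XML, and the package name and both manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
LOCATION = {
    "android.permission.ACCESS_FINE_LOCATION",    # GPS-level precision
    "android.permission.ACCESS_COARSE_LOCATION",  # network-based location
}
NETWORK = {"android.permission.INTERNET"}


def requested_permissions(manifest_xml):
    """Return the set of permission names requested by a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}


def can_report_location(perms):
    """True when the app can both read the position and send it over the network."""
    return bool(perms & LOCATION) and bool(perms & NETWORK)


def review_upgrade(old_xml, new_xml):
    """Compare two versions of an app and summarise the permission changes."""
    old, new = requested_permissions(old_xml), requested_permissions(new_xml)
    return {
        "added": new - old,
        "removed": old - new,
        "can_report_location": can_report_location(new),
        # The combination the guide warns about appears only in the new version.
        "newly_gained": can_report_location(new) and not can_report_location(old),
    }


# Constructed manifests for a hypothetical puzzle game, versions 1 and 2.
GAME_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzle" android:versionCode="1">
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

GAME_V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzle" android:versionCode="2">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    report = review_upgrade(GAME_V1, GAME_V2)
    print("added:", sorted(report["added"]))
    print("location + network newly gained:", report["newly_gained"])
```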

6.3 COMMUNICATION NETWORK

It is recommended:

• Never to send sensitive information or documents via an unencrypted connection,
and to ensure that your login credentials (username and password) travel encrypted
via SSL.

• To connect to networks you trust as far as possible. It is better to use your home or
work network, before any others.

• In local networks, to check that the connection to the gateway is direct and the
computer is not suffering from a man-in-the-middle attack. To do this, you can use
connection trace tools (such as tracert in Microsoft Windows or traceroute in
GNU/Linux and Mac OS X) or consult the ARP table of correspondences.

• Never to use any open WiFi networks with an unknown origin and to be suspicious of
free WiFi networks, such as those provided in bars and cafes.

• To set up your own WiFi home network with WPA2 security.

• In mobile networks, to show a preference towards using third-generation (3G)
networks over second generation ones (2G, GPRS and EDGE).
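Consulting the ARP table, as recommended above, comes down to checking which hardware address answers for the gateway. The following is an added example, not part of the original guide: it parses the text printed by `arp -a` and reports when the gateway's address is missing, differs from a known-good value, or is also claimed by another IP. Both sample tables and all addresses in them are constructed.

```python
import re
from collections import defaultdict

# Matches "(192.168.1.1) at 2:0:0:aa:bb:1" (GNU/Linux, Mac OS X) and
# "192.168.1.1    02-00-00-aa-bb-01" (Windows); <incomplete> entries do not match.
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2})\b"
)


def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (Mac OS X drops leading zeros)."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))


def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries of `arp -a` output."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue
        mac = normalize_mac(match.group(2))
        if int(mac[:2], 16) & 1:  # broadcast/multicast addresses are shared by design
            continue
        table[match.group(1)] = mac
    return table


def check_gateway(table, gateway_ip, known_gateway_mac=None):
    """Return a list of (finding, detail) tuples; an empty list means nothing suspicious."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return [("gateway-missing", gateway_ip)]
    findings = []
    if known_gateway_mac and normalize_mac(known_gateway_mac) != gw_mac:
        findings.append(("gateway-mac-changed", gw_mac))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    others = sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip)
    if others:  # one hardware address answering for the gateway and another host
        findings.append(("gateway-mac-shared", tuple(others)))
    return findings


# Constructed GNU/Linux-style output in which 192.168.1.57 shares the gateway's address.
POISONED_SAMPLE = """\
? (192.168.1.1) at 02:00:00:aa:bb:57 [ether] on eth0
? (192.168.1.57) at 02:00:00:aa:bb:57 [ether] on eth0
? (192.168.1.20) at 02:00:00:aa:bb:20 [ether] on eth0
? (192.168.1.33) at <incomplete> on eth0
"""

# Constructed Windows-style output with no anomaly.
CLEAN_SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

if __name__ == "__main__":
    print(check_gateway(parse_arp_table(POISONED_SAMPLE), "192.168.1.1"))
    print(check_gateway(parse_arp_table(CLEAN_SAMPLE), "192.168.1.1"))
```

A shared address is an indicator, not proof: a router that holds several IP addresses produces the same finding, so it should be compared against the address recorded while on a trusted connection.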

6.4 PHYSICAL SECURITY

It is recommended:

• To install remote erasing programs, which in the event of theft or loss, and if
recovery is impossible, allow you to delete all private information on the device.

• To install programs that prevent the device from being used if you change the
installed SIM card.

50
For example, NoScript for Mozilla Firefox. Available at: http://noscript.net/ This is available for iOS, Android and Symbian
devices.

• In case of loss or theft of a mobile phone, to ask the network operator to block it
by its IMEI, after making a report at the police station.

• For laptops, use a security cable to anchor it to a fixed structure when it is used in
public places.

• Set access passwords for all devices, including desktops, laptops and mobile
devices.

• Ensure that, after activating a suspended device, it requests the access password
again or a different one.

• Use strong passwords, combining numbers, uppercase and lowercase letters, and
symbols, with a minimum length of 8 characters. In addition you must also change
passwords fairly frequently.

Web http://observatorio.inteco.es

Information Security Observatory Scribd Channel:

http://www.scribd.com/ObservaINTECO

Information Security Observatory Twitter Channel:

http://twitter.com/ObservaINTECO

Information Security Observatory Blog:

http://www.inteco.es/blog/Seguridad/Observatorio/BlogSeguridad/

observatorio@inteco.es

www.inteco.es