Hi,
This is a followup to recent discussion on this same mailing-list [1]
about how the FMRadio API [2] could be abused to infer the user
geolocalization without its consent.
I think dev-webapi isn't the best list to share this info, but I don't
know which other mailing-list would be relevant. Feel free to forward to
relevant mailing-lists and cc me.
# Background
The FMRadio API is currently available to any app. No need to be a
privileged or certified app.
The FMRadio API contains two convenient methods seekUp and seekDown.
These methods automatically find the next frequency (higher or lower
respectively) which emits a radio station. When a frequency is found, a
"frequencychange" event is fired and the current frequency can be
retrieved thanks to the FMRadio.frequency property.
# Inferring the geoloc using frequencies
## Getting all frequencies emitting something
Using seekUp and the frequency property, it's possible to find all
frequencies available to a user at a given time. I've written a script
[3] to that effect. In about 30 seconds, it was able to find all
frequencies available to me [4] (I live in Bordeaux, France). The only
thing this script requires is an antenna plugged to the phone. Any
headset will do the role of an antenna, users may have handsets plugged
for other reasons than Antenna, like a phone call, listening to music or
online TV/film.
## Radio frequency databases
In a matter of minutes, I've been able to find a database of all
frequencies available in France [5], region by region.
I assume it is quite easy to do the same for any country and build up a
database of all used frequencies for a given region.
## Matching infos
A quick look at the page of where I live [6] shows a very strong (but
not perfect, a handful are missing) match between these frequencies and
the one found by my script. A look at frequencies in other places show a
very strong mismatch (not entire mismatch of course, some same
frequencies are used in different places).
I feel it's pretty clear that the user geolocalization can be inferred
from the set of used frequencies to the accuracy of maybe 10/20km radius.
# Threat to privacy
Since any app can use the FMRadio API, any app can ship a small library
inferring the user geolocation based on frequencies (if the user has a
handset plugged in) without the user consent.
# Recommendation
Since the geolocalization of the user can be inferred at a small
granularity, I recommend moving the FMRadio API to a privileged API.
David
[1]
https://groups.google.com/d/msg/mozilla.dev.webapi/viKr7qCiKaM/1mInwM9HRXsJ
[2]
https://developer.mozilla.org/en-US/docs/DOM/WebFM
[3]
https://gist.github.com/DavidBruant/5118781#file-freqs-js
[4]
https://gist.github.com/DavidBruant/5118781#file-bordeauxfreqs-json
[5]
http://www.annuradio.fr/
[6]
http://www.annuradio.fr/index.php?mode=searchville&choixville=BORDEAUX