Preserving Privacy in Location-based Mobile Social Applications

Krishna P. N. Puttaswamy
Ben Y. Zhao

The Eleventh International Workshop on Mobile Computing Systems and Applications (HotMobile 2010)

[Full Text in PDF Format, 403KB]
[Full Text in Compressed Postscript Format, 1191KB]

Paper Abstract

Location-based social applications (LBSAs) rely on the location coordinates of the users to provide services. Today, smartphones using these applications act as simple clients and send out user locations to untrusted third-party servers. These servers have the application logic to provide the service, and in the process collect large amounts of user location information over time. This design, however, is shown to be susceptible to large-scale user privacy compromises even if several location cloaking techniques are employed. In this position paper, we argue that the LBSAs should adapt an approach where the untrusted third-party servers are treated simply as encrypted data stores, and the application functionality be moved to the client devices. The location coordinates are encrypted, when shared, and can be decrypted only by the users that the data is intended for. This approach significantly improves user location privacy. We argue that this approach not only improves privacy, but it is also flexible enough to support a wide variety of location-based applications used today. In this paper, we identify the key building blocks necessary to construct the applications in this approach, give examples of using the building blocks by constructing several applications, and outline the privacy properties provided by this approach. We believe our approach provides a practical alternative design for LBSAs that is deployable today.