User identification using smartphone activity data

The increased smartphone penetration creates an abundant amount of near-real-time human behavior smartphone dataset. Nevertheless, studies show that this dataset is not entirely secure in both application and operation system levels. The leakage in the smartphone dataset is alarming; since this data holds much information about users that is able to, for instance, identify specific users among crown in user identification attempts. While other existing studies identify users via smartphone usage data, sensor data, or user input data; a user identification study exploring smartphone activity data is not yet available. As the recent data leakage in the Google Takeout service raises questions in the security of the data hold in third parties’ services, we intend to show that anonymous smartphone activity data that is also stored in these external services can violate privacy by linking the data back to an individual. We investigate 551 days of dataset from seven users, generate User Profiles as the users’ fingerprint, and obtain average accuracy of 88% by statically observing the percentage usage duration of five most-used applications. In a short observation period, this accuracy can even reach 100%. These results can then intrigue new discussion regarding smartphone data privacy.