Stanford researchers discover ‘alarming’ method for phone tracking, fingerprinting through sensor flaws

One afternoon late last month, security researcher Hristo Bojinov placed his Galaxy Nexus phone face up on the table in a cramped Palo Alto conference room. Then he flipped it over and waited another beat. And that was it. In a matter of seconds, the device had given up its “fingerprints.”

Code running on the website in the device’s mobile browser measured the tiniest defects in the device’s accelerometer -- the sensor that detects movement -- producing a unique set of numbers that advertisers could exploit to identify and track most smartphones. It’s a novel approach that raises a new set of privacy concerns: Users couldn’t delete the ID like browser cookies, couldn’t mask it by adjusting app privacy preferences -- and wouldn’t even know their device had been tagged. Asked if this sort of work risks putting ideas into the heads of online advertisers, Bojinov said he’d be surprised if someone in the industry wasn’t already exploring these approaches.