London, Feb 20 The time a person spends on different smartphone apps is enough to identify them from a larger group in more than one in three cases, say researchers, who warn of the implications for security and privacy.
Researchers from Universities of Lancaster and Bath analysed smartphone data from 780 people.
They fed 4,680 days of app usage data into statistical models. Each of these days was paired with one of the 780 users, such that the models learnt people's daily app use patterns.
The researchers then tested whether models could identify an individual when provided with only a single day of smartphone activity that was anonymous and not yet paired with a user.
"Our models, which were trained on only six days of app usage data per person, could identify the correct person from a day of anonymous data one third of the time," said David Ellis from the University of Bath.
While that might not sound like much, when the models made a prediction regarding who data belonged to, it could also provide a list of the most to the least likely candidates.
The findings published in the journal Psychological Science showed that it was possible to view the top 10 most likely individuals that a specific day of data belonged to.
Around 75 per cent of the time, the correct user would be among the top 10 most likely candidates.
"In practical terms, a law enforcement investigation seeking to identify a criminal's new phone from knowledge of their historic phone use could reduce a candidate pool of approximately 1,000 phones to 10 phones, with a 25 per cent risk of missing them," said Professor Paul Taylor from Lancaster University.
As a result, the researchers warn that software granted access to a smartphone's standard activity logging could render a reasonable prediction about a user's identity even when they were logged-out of their account.
An identification is possible with no monitoring of conversations or behaviours within apps themselves.
"We found that people exhibited consistent patterns in their application usage behaviours on a day-to-day basis, such as using Facebook the most and the calculator app the least. In support of this, we also showed that two days of smartphone data from the same person exhibited greater similarity in app usage patterns than two days of data from different people," explained Heather Shaw from Lancaster University.
Therefore, it is important to acknowledge that app usage data alone, which is often collected by a smartphone automatically, can potentially reveal a person's identity.
While providing new opportunities for law enforcement, it also poses risks to privacy if this type of data is misused, the researchers said.
Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor