Privacy Protection for GPS Tracking

Silu Jia, Cheng Wu

Currently, most smart phones have GPS services installed, which makes our life much easier. Although there are many advantages to cell phone GPS tracking, there are also privacy concerns. As most people carry their cell phone with them at all times, the ability is in place to track the exact movements of all individuals, which exposes individual’s location information to others and can be collected by mobile applications. Along with the rapid growth of mobile phone users, privacy and security becomes two of most concerned factors.

Almost 95% of the smart phones on the market are using Google Map API for GPS related services. Google map provides api for user to get detailed location information by querying with latitude and longitude, such as reverseGeocoder, and then display user’s location on the google map application.

In our project, we design and implement a privacy protection library for GPS location information. In order to protect user’s privacy by limiting the zoom level on the google map of his current location. Moreover, we implemented a demo system which consisted of a sever and multiple mobile users.

Implementing three different versions of privacy protection library, which can be used on android phone, iPhone or PC web browser, correspondingly, and an experiment to demonstrate the functionality of our library. In particular, a user can track other users’ location with the help of server. Instead of tracking the precise location of every user, we provide this library for privacy protection.

By using this library, each user must specify his relationship with the one he wants to track, in order to get the corresponding privacy level of the GPS location information. For example, if user B declares that user A is his intimate friend or relative, then user A can get the most precise (Level 1 – Street Address Level) location information of user B upon his request. If user B declares that user A is one of his classmates and he only wants to show the city information to all his classmates, then user A can get the Level 3 – City Level location information of user B upon his request.

Two android phones, one iPhone as clients and one laptop as server. We choose ruby on rails as our back-end sever and mysql as database. For communication between server and client, we use RESTful Web Services.


Server is responsible for user registration, request tracking, location information storage and client’s communication. The client’s multi-level friendship information will be stored in the database.

When the server receives the request from the client for adding friend, it will send the request to the target client, and then wait for the response. The target client should specify the friendship level. If the target client agrees with the request, the server will insert this information into the database and send the friend agreement to the both of the clients. After this hand-shaking process, the server starts sending the classified location information to the requestor. Different clients can get different details of one person’s location depending on the friendship level.


Clients send registration requests to the server upon the start of the server.

A client sends adding friend request to the server before he can track the target client. Server then forwards this request to the target client. The target client need to specify the friendship level when he accepts the request and this information is stored in the server database. Then the requestor can send tracking request of this target client and receive the classified location data of the target client based on their friendship level, and display it on the Google map of android phone application.

Location classification library

Our location classification library can support laptop, android phone and iphone device. There are two method to achieve our goal. One is to modify the precision of the latitude and longitude after our server receives this information from client. Another method is to keep the precision of the latitude and longitude but lock the zoom function of the google map. We will choose the second one, since sometime the location is not correct in the first method as the precision is not high.

System Architecture

System Communication Process

In the server side, communication is based on the HTTP request, and all the message is JSON file format. Because the JSON file is easy for the computer to read and parse.

Flow Chart - User registration

In the client side, user can register an account on the web, and the user name, password and user email are needed. When the server receive this data, it will insert the data into the MySQL database. And the table of location is also created right now, it contains latitude, longitude and friend level information. All these default values are null, and they will be updated when the client sends the request.

Flow Chart - User Login

After user registered, he can login on the android phone. The ip address and port number of the server, user name and password are needed at this time. When the server receives the user name and password, it will check these datas in the database. If the information is correct, it can send back a NUTH token to the client. This token is important for the android client. The token is just like his ID. Any request the client sends in the future should contain the token.

Flow Chart - System working process

In the demo application, when the user login, a list of friends will display on the screen. User can choose one of his friend and click the request button, and then a pop menu containing the friend level choice will come out. User chooses one level and send this request to the server, and waits for the response data containing latitude and longitude, then create a new page of map view based on the latitude, longitude and friend level.

Android app Demo

Web brower app Demo

Fork this project at this github link!



Email address: