Off-campus UMass Amherst users: To download campus access dissertations, please use the following link to log into our proxy server with your UMass Amherst user name and password.

Non-UMass Amherst users: Please talk to your librarian about requesting this dissertation through interlibrary loan.

Dissertations that have an embargo placed on them will not be available to anyone until the embargo expires.

Author ORCID Identifier


Open Access Dissertation

Document Type


Degree Name

Doctor of Philosophy (PhD)

Degree Program

Computer Science

Year Degree Awarded


Month Degree Awarded


First Advisor

Brian Neil Levine

Subject Categories

Information Security | Longitudinal Data Analysis and Time Series


Mobile phones are widely adopted by users across the world today. However, the privacy implications of persistent connectivity are not well understood. This dissertation focuses on one important concern of mobile phone users: location privacy. I approach this problem from the perspective of three adversaries that users are exposed to via smartphone apps: the mobile advertiser, the app developer, and the cellular service provider. First, I quantify the proportion of mobile users who use location permissive apps and are able to be tracked through their advertising identifier, and demonstrate a mark and recapture attack that allows continued tracking of users who hide these identifiers. Ninety-five percent of the 1500 devices we tested were susceptible to this attack. We successfully identified 49% of unlabelled impressions from iOS devices, and 59% from Android, with a budget of only $5 per day, per user. Next, I evaluate an attack wherein a remote server discovers a user's traveled path without permission, simply by analyzing the throughput of the connection to the user over time. In these experiments, a remote attacker can distinguish a user's route among four paths within a University campus with 77% accuracy, and among eight paths surrounding the campus with 83% accuracy. I then propose a protocol for anonymous cell phone usage, which obviates the need for users to trust telecoms with their location, and I evaluate its efficacy against a passive location profiling attack used to infer identity. According to these simulations, even one day is enough to identify one device from among over a hundred with greater than 50% accuracy. To mitigate location profiling attacks, users should change these identifiers every ten minutes and remain offline for 30 seconds, to reduce their identifiability by up to 45%. I conclude by summarizing the key issues in mobile location privacy today, immediate steps that can be taken to improve them, and the inherent privacy costs of remaining constantly connected.