Automated User Profiling in Location-Based Mobile Messaging Applications

Location-based messaging applications (LMAs), a kind of messaging applications for mobile devices which enable users to connect with people based on their geographical locations, have recently experienced a huge popularity growth. The killer feature in LMAs that embodies the concept of geo-based instant messaging, named people nearby, allows users at any place to search and communicate with other registered users nearby. In this paper, we discuss a common weakness in LMAs that relates to the abuse of the people nearby function. In this case, rich personal data of registered LMA users can be easily obtained, bringing a chance to perform automated user profiling in LMAs. Specifically, we build an automated and scalable system to construct extended profiles (or we call life profile) of LMA users, which contain not only personal information of LMA users but also the daily activities and social ties inferred from their leaked spatio-temporal privacy. The system is highly adaptable to various applications, requiring no modification of applications or trivial work on protocol reverse engineering. We conduct the evaluation on a large scale for the first time. In our experiment, we succeed to construct life profiles for more than 280,000 users from two popular LMAs. The results of empirical analysis not only validate the existence of the privacy issue in LMAs, but also demonstrate its severity.