Privacy Policy

Privacy Policy #

This project is part of a scientific research project. To protect private data, we employ the principles of Minimal Data Usage and Offline First. Accordingly, all personal data is stored only locally on the device. Furthermore, we only collect data necessary for the app’s use.

Responsibility #

Responsible for the development of the app and our study server is Lukas Arnold, a student of Computer Science at the Technical University of Darmstadt and employed at the Secure Mobile Networking Lab. The main supervisor of this work is Jiska Classen, leader of the Cybersecurity - Mobile & Wireless research group at Hasso Plattner Institute.

Lukas Arnold
c/o Secure Mobile Networking Lab
Pankratiusstraße 2
64289 Darmstadt
Germany

cellguard@seemoo.de

Study #

Users can voluntarily participate in a scientific study by giving consent using the app. The study aims to evaluate and improve our detection algorithm for rogue base stations (RBSes). Adversaries (not official network providers) set up base stations of this kind to track individuals and extract their information. However, in most cases, affected users do not notice that they are connected to a rogue base station. Our goal is to detect rogue connections and to find common attack patterns visible in the baseband packets of iPhones.

If the user consents to participate in the study, the app then sends anonymized data to our server, which is later analyzed and published as part of the study. With this data, it is impossible for us to identify individual study participants.

This study, its purpose, and collected data points have been reviewed and approved by the Ethics Commission of TU Darmstadt.

Data Collection #

Our app collects and stores the following types of data locally.

  • Locations (used by RBS verification algorithm)
  • Base station the phone connected to (used by RBS verification algorithm)
  • Baseband packets (used by the RBS verification algorithm)
  • Cell location data from Apple Location Services (used by the RBS verification algorithm)
  • Results of the RBS verification algorithm

Similar to iOS, our verification algorithm queries Apple Location Services for the location of unknown base stations and stores its result locally. iOS performs identical requests to determine your approximate location if you enable Location Services and thus agree to Apple’s Location Services & Privacy policy.

If you voluntarily participate in our study, CellGuard reports anonymized data to us. The selection of data points makes it impossible to link them to an individual.

  • If the RBS verification algorithm determines a base station as anomalous or suspicious, the app shares the following data points about the base station with us for an in-depth review.
    • Base station identity information (2G/3G/4G/5G, MCC, MNC, LAC/TAC, ID)
    • Latitude and longitude of user’s location upon connecting to the base station
    • Anonymized baseband packets within a 30-second window of the base station’s detection
    • Scores of the RBS detection algorithm
    • Optional User Feedback (Suggested level and textual comment)
  • Once a week, the app shares an aggregated weekly report with us to determine its effectiveness and the impact of potential false-positive by our RBS detection algorithm. The report includes the following data points.
    • Rate of base stations marked as anomalous by the RBS detection algorithm
    • Rate of base stations marked as suspicious by the RBS detection algorithm
    • 2-letter ISO country code

CellGuard does not include advertisements, respective libraries, or tracking frameworks. Your data will never be shared with a third party.

Data Access #

If permission is granted, the app accesses your location data through iOS’ Core Location framework.

You can share sysdiagnoses with CellGuard, allowing it to scan for the base stations and baseband packets of the past hours. Sysdiangoses are processed on-device, and no other information is extracted from them. Alternatively, you can install so-called tweaks to automatically collect data from these two categories on jailbroken devices.

The app requests base station location information from Apple Location Services, just as iOS does.

Data Storage and Usage #

The data collected as part of our study is sent to a server hosted by the Secure Mobile Networking Lab of TU Darmstadt. Only designated team members have access to it.

Other apps cannot access the data on your device.

Purpose of Usage #

The data on your device is necessary for the app and its detection algorithm to work.

The data on the server is stored if you voluntarily participate in our study.

Sharing of User Data #

Identifiable user data is not shared with us or with any third party.

Anonymized user data gathered during our study can be published in an aggregated form. The aggregated data does not allow the identification of any user.

Duration of Storage #

The app’s local data is stored as long as the app is installed.

The data part of the study will be published in aggregated form.

Your Rights as a User #

Information #

You have the right to view your personal information processed by us. If you wish to do so, please share the local identifiers of each uploaded data point with us via email.

Deletion of Data #

If you wish to delete all personal data, it is sufficient to delete the app. Data collected as part of the study is anonymized and can only be deleted by sharing the local identifier of each uploaded data point with us. Those identifiers are stored on your device and must be emailed to us.

Right of Objection #

You have the right to object to the use of the data. If you no longer wish to participate in the study, turn off the app’s corresponding settings.

Trademarks #

iPhone and Apple Location Services are trademarks protected by Apple.

Changes #

Any changes to the privacy policy require the user to agree to it once again. Users accept the privacy policy by installing and using the app as defined in the license agreements of the App Store and the Google Play Store.

This privacy policy is effective as of 2024-04-10.

Changes to the privacy policy will be listed here.

The policy has not been changed.