Is your mobile browser leaking Accelerometer readings ?

Pick a mobile phone to open this page in browser:

http://www.albertosarullo.com/demos/accelerometer/

You’ll find the web gets accurate acceleration (x,y,z) value of device.

So our phone’s accelerometer (and maybe gyro) data can be read via JS and leaked to web server。

When was this “feature” applied by w3c? I am shocked that “feature” is defaultly enabled on our phones. I also tested these mobile browsers who claim to be privacy-aware, to see if they prevent JS from reading acceleration:

Brave (fail)
Firefox Klar (fail)
Duckduckgo Privacy Browser (fail)
Privacy Browser (success)

Most mobile browser developers fail to protect sensor data.

That “feature” seems already been archived many years ago: https://stackoverflow.com/questions/4378435/how-to-access-accelerometer-gyroscope-data-from-javascript

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.