Proxensus is an Android application that confirms the legitimacy of mobile device locations without compromising the privacy of its user. The application utilizes bluetooth low energy (BLE) technology, which handles data and energy usage more efficiently than conventional bluetooth technology, to communicate location data between users who are in proximity of each other. Users who have their application activated exchange their location zip codes and crosscheck with each other to ensure that they all display the same information. Users who are within BLE range of each other are expected to have the same location identifier because they are in the approximate location. In the case that location data between users are inconsistent, the application relies on crowdsourcing methods to ‘vote’ on the user who is location spoofing. For example, if there are 4 users within proximity of each other and 3 of them have the zipcode 92101 while the fourth user displays a zipcode of 77494, the fourth user would be voted as the location spoofer. Users who are tagged as spoofers are put on a blacklist that is then communicated with a server.
Proxensus is a decentralized location consensus application built with a primary focus on ensuring user security against spoofing attacks. Spoofing attacks occur when malicious actors falsify their location data to gain unauthorized access to a system or service, which can lead to serious consequences, such as gaining access to content that is normally restricted based on location, conduct fraud or cyberattacks, and even gain advantages in video games that offer rewards to players based on location. We developed an application that could be extended to work with more applications by reducing the DP-3T algorithm, which was originally used for COVID-19 contact tracing. To prevent spoofing attacks, our application utilizes a decentralized crowdsourcing approach where user locations are verified by other users on the application. By conducting a census where data is collected from a dispersed network of users who are located in various locations, the application is able to discover spoofers and blacklist these users. Overall, Proxensus offers a secure and reliable solution for verifying user location data, with a strong focus on user privacy and security.
One hurdle our application faces is the potential of false positives and false negatives. Because our application relies on crowdsourcing, or a majority vote system, the scenario where there are more location spoofers than truthful users would result in the truthful user being put on the blacklist while the location spoofers get away. In the future, we want to optimize the algorithm to handle these edge cases such as modifying the voting threshold or criteria to activate the crowdsourcing algorithm. The current application generates a static unique identifier for the user upon activation of the application. Further improvements would involve a dynamic user identifier that updates frequently to prevent privacy invasion, such as outsiders tracking user location data. Finally, our application will improve its crowdsourcing algorithm by checking that if zipcodes between users do not match, the application will first determine whether zipcodes are at least adjacent to each other rather than immediately determining a location discrepancy. For example, users who are in very close proximity to each other may display different zip codes due to inaccuracies of Google’s API geolocator.