Viking warriors have a historical reputation as tough guys, with an emphasis on testosterone. But scientists now say that DNA has unveiled a Viking warrior woman who was previously found in a roughly 1,000-year-old grave in Sweden. Until now, many researchers assumed that “she” was a “he” buried with a set of weapons and related paraphernalia worthy of a high-ranking military officer.

If the woman was in fact a warrior, a team led by archaeologist Charlotte Hedenstierna-Jonson of Uppsala University in Sweden has identified the first female Viking to have participated in what was long considered a male pursuit.
But the new report, published online September 8 in the American Journal of Physical Anthropology, has drawn criticism from some researchers. All that’s known for sure, they say, is that the skeleton assessed in the new report belonged to a woman who moved to the town where she was interred after spending her youth elsewhere.

“Have we found the Mulan of Sweden, or a woman buried with the rank-symbols of a husband who died abroad?” asks archaeologist Søren Sindbæk of Aarhus University in Denmark. There’s no way to know what meanings Vikings attached to weapons placed in the Swedish grave, Sindbæk says.

Although the new paper dubs the long-dead woman “a high-ranking female Viking warrior,” other interpretations of her identity are possible, Hedenstierna-Jonson acknowledges. But she notes that the Viking woman “was an exception in a sphere dominated by men, either if she was an active warrior or if she was ‘only’ buried in full warrior dress with a complete set of weapons.”

Excavations in the late 1800s at Birka, a Scandinavian trading center from the 700s to around 1000 (SN: 4/18/15, p. 8), uncovered the woman’s grave. Remains of Birka lie on the island of Björkö, about 30 kilometers west of present-day Stockholm. About 1,100 of more than 3,000 graves that encircle Birka have been unearthed.

Excavators noted that the body lay among a warrior’s gear. This equipment included an ax, a spear, arrows, a large knife, two shields and two horses. Playing pieces found in the grave, apparently for some type of board game, suggest the woman may have been a high-ranking officer with knowledge of military tactics and strategy, Hedenstierna-Jonson’s team speculates.
Researchers have typically assumed that Viking-era graves with weapons contain male warriors. Curiously, though, many skeletons in these graves, including that of the Birka woman, display no battle injuries.

Biological anthropologist Anna Kjellström of Stockholm University, a coauthor of the new study, reported at a meeting in 2013 that the Birka individual was a woman, based on pelvic shape and bone sizes. DNA from the Birka skeleton now confirms its female status and reveals many genetic similarities to present-day northern Europeans.

A comparison of two forms of radioactive strontium in teeth from the Birka woman, 15 other individuals excavated at Birka and pre-Viking age people from several parts of Sweden indicated that the woman moved to the trading center as a teenager or young woman. Humans absorb strontium from local rock formations through water and plant foods, leaving a chemical signature in teeth that approximately maps where these people grew up. The researchers estimate the woman was at least 30 years old when she died.

Findings in the new paper don’t demonstrate that the Birka woman was a Viking warrior, writes archaeologist Judith Jesch in a Sept. 9 post on her Norse and Viking Ramblings blog. Perhaps all alleged warriors in Viking-era warrior graves who lack serious wounds didn’t actually fight, contends Jesch, of the University of Nottingham in England. Hedenstierna-Jonson’s group provides no evidence that the Birka woman’s bones contain traces of strenuous physical activity expected from a warrior adept enough to avoid severe injuries, she writes.

“A certain amount of confusion” surrounds the original locations of bones excavated at Birka and then bagged for storage, including those of the proposed woman warrior, Jesch adds. Sloppy excavation practices at Birka more than 100 years ago sometimes accidentally lumped together bones from different graves, she says in her post.

Women could have been warriors during the Viking age, whether or not the Birka woman fought alongside men, says archaeologist Marianne Moen of the University of Oslo. Research over the past 30 years shows that Viking women were landowners, farmers, merchants, traders and participants in legal proceedings. Graves of two other Viking-era women, both in Norway, contain various weapons.

What’s important is not to hold women to a different standard than men when assessing comparable weapons placed in their graves, Moen asserts. The Birka find “was a warrior grave until it was sexed as female,” she says. “Now a lot of people would like to call it something else. That is where the danger lies here.”

I recently wrote about the power that adults’ words can have on young children. Today, I’m writing about the power of adults’ actions. Parents know, of course, that their children keep a close eye on them. But a new study provides a particularly good example of a watch-and-learn moment: Toddlers who saw an adult struggle before succeeding were more likely to persevere themselves.

Toddlers are “very capable learners,” says study coauthor Julia Leonard, a cognitive developmental psychologist at MIT. Scientists have found that these youngsters pick up on abstract concepts and new words after just a few exposures. But it wasn’t clear whether watching adults’ actions would actually change the way toddlers tackle a problem.

To see whether toddlers could soak up an adult’s persistence, Leonard and her colleagues tested 262 13- to 18-month-olds (the average age was 15 months). Some of the children watched an experimenter try to retrieve a toy stuck inside a container. In some cases, the experimenter quickly got the toy out three times within 30 seconds — easy. Other times, the experimenter struggled for the entire 30 seconds before finally getting the toy out. The experimenter then repeated the process for a different problem, removing a carabiner toy from a keychain. Some kids didn’t see any experimenter demonstration.

Just after watching an adult struggle (or not), the toddlers were given a light-up cube. It had a big, useless button on one side. Another button — small and hidden — actually controlled the lights. The kids knew the toy could light up, but didn’t know how to turn the lights on.

Though the big button did nothing, that didn’t stop the children from poking it. But here’s the interesting part: Compared with toddlers who had just watched an adult succeed effortlessly, or not watched an adult do anything at all, the toddlers who had seen the adult struggle pushed the button more. These kids persisted, even though they never found success.

The sight of an adult persevering nudged the children toward trying harder themselves, the researchers conclude in the Sept. 22 Science. Leonard cautions that it’s hard to pull parenting advice from a single laboratory-based study, but still, “there may be some value in letting children see you work hard to achieve your goals,” she says.

Observing the adults wasn’t the only thing that determined the toddlers’ persistence, not by a long shot. Some kids might simply be more tenacious than others. In the experiments, some of the children who didn’t see an experimenter attempt a task, or who saw an experimenter quickly succeed, were “incredibly gritty,” Leonard says. And some of the kids who watched a persistent adult still gave up quickly themselves. That’s not to mention the fact that these toddlers were occasionally tired, hungry and cranky, all of which can affect whether they give up easily. Despite all of this variation, the copycat effect remained, so that kids were more likely to persist when they had just seen a persistent adult.

As Leonard says, this is just one study and it can’t explain the complex lives of toddlers. Still, one thing is clear, and it’s something that we would all do well to remember: “Infants are watching your behavior attentively and actively learning from what you do,” Leonard says.

In 1780, a powerful hurricane swept across the islands of the Caribbean, killing an estimated 22,000 people; 5,000 more died of starvation and disease in the aftermath. “Our planet is capable of unleashing extreme chaos,” begins the new NOVA documentary “Killer Hurricanes,” set to air November 1 on PBS.

To describe the human impact of such powerful tropical cyclones, the documentary primarily focuses on two storms: the Great Hurricane of 1780 and Hurricane Matthew, a Category 4 storm that slammed into Haiti and Cuba last October. Before the devastating 2017 Atlantic hurricane season (SN Online: 9/21/17), Matthew was considered the biggest Atlantic storm of the last decade.
Still, the film’s larger message remains timely: Studying the hurricanes of the past can offer insights into storms of the future — and, hopefully, help coastal and island communities prepare for such events.

The documentary describes the work of researchers as they examine both human and geologic records to track past cyclones. Because the Great Hurricane occurred during relatively recent history, researchers can use eyewitness accounts and ship records to estimate not only the size of the storm, but also to track its path and calculate the storm surge.
But geologists such as Jeff Donnelly of the Woods Hole Oceanographic Institution in Massachusetts and Amy Frappier of Skidmore College in Saratoga Springs, N.Y., are looking deeper into the past. Donnelly finds physical traces of prehistoric hurricanes buried in seafloor sediments, while Frappier detects chemical traces in stalagmites growing in caves across the Caribbean. These data reveal a troubling pattern: The frequency of strong hurricanes distinctly increases when ocean temperatures are warmer. What’s more, hurricanes’ paths have shifted northward over the last 450 years, moving closer to the contiguous United States.

As the film notes, ocean waters are now warming at a rapid rate. Meanwhile, sea levels are rising, and the water in the oceans expands as it warms. Both effects will augment the impact of storm surge from such cyclones.

“Killer Hurricanes” doesn’t break much new ground, and the film’s stark conclusion about the future paths and intensities of powerful cyclones is one that climate scientists have long been signaling. But coming on the heels of a deadly hurricane season, and with the United States’ future participation in the Paris climate accord in limbo (SN Online: 6/1/17), the film may serve as a powerful reminder of the human cost of climate change.

Light is a fan of the buddy system. Photons, or particles of light, have been spotted swapping energy with partners. This chummy behavior resembles how electrons pair up in materials that conduct current without resistance, known as superconductors, researchers report in a paper accepted in Physical Review Letters.

Although the photons exchange energy like electrons do, it’s unknown whether the particles are actually bound together as electrons are, and whether photons could produce an effect analogous to superconductivity. “This is a door that is opened,” says study coauthor Ado Jorio, a physicist at the Universidade Federal de Minas Gerais in Brazil. Now, he says, the questions that must be addressed are, “How far can we push this similarity? Can we find with photons incredible results like we find for electrons?”
In certain solid materials cooled to extremely low temperatures, electrons form partnerships called Cooper pairs (SN: 6/13/15, p. 8), which allow superconductivity to occur. Although the negatively charged particles typically repel one another, two electrons can bind together by exchanging phonons, or quantum packets of vibration, via the lattice of ions within these materials. This alliance coordinates the electrons’ movements and thereby eases their passage through the material, allowing them to flow without resistance. Superconductivity’s potential technological applications — which include energy-efficient power transmission, superstrong magnets and levitating trains — have attracted heaps of scientific interest in the phenomenon.

Now, Jorio and colleagues have shown photons behaving similarly to superconducting electrons. When the researchers shined a laser on water, pairs of photons that emerged from the liquid at the same time tended to have complementary energies. While one photon had lost a little energy, another had gained the same amount of energy, indicating that they were exchanging quantum vibrations. The effect appeared in a variety of transparent materials, says Jorio, and it was observed at room temperature, unlike electron pairing in superconductors.

The team also showed that the exchanged quantum vibrations were “virtual” — appearing only for fleeting moments — just like the vibrations exchanged by electrons. The theory that explains the interaction “is exactly the same as for the electrons,” Jorio says.

Scientists already knew that photons can lose or gain energy via vibrations, but the similarity with Cooper pairs is a new and interesting way of thinking about the effect, says physicist Ian Walmsley of Oxford University, who was not involved with the research. “It’s a field that has not yet been explored.”
It is still too early to know how far the analogy with superconducting electrons extends, says physicist Ben Sussman of the National Research Council of Canada in Ottawa, who was not involved with the research. But the connection seems worth investigating: “This is an interesting rabbit hole indeed.”

Halloween horror aside, vampires are really pretty spineless.

Most have no backbone at all. By one count, some 14,000 kinds of arthropods, including ticks and mosquitoes, are blood feeders. Yet very few vertebrates are clear-cut, all-blood specialists: just some fishes and three bats. Why hasn’t evolution produced more vertebrate vampires?

The question intrigues herpetologist Harry Greene of Cornell University, who “can’t think of a single example among amphibians and reptiles,” he says. (Some birds are opportunists, sneaks or outright meat eaters, but they don’t have the extreme specialization of bats.)
Kurt Schwenk of the University of Connecticut in Storrs, who studies feeding morphology, comes up empty, as well. As he muses over what animals might have precursor biology that could lead to blood feeding, “a leechlike or lamprey-like blood-sucking tadpole should be a real possibility,” he says. The idea gives him “the heebie-jeebies,” but some tadpole species have already evolved mouths that can cling, and plenty of tadpoles are carnivorous.
Looking at the question from a different point of view — asking what would favor, or not, the evolution of blood feeding—he comes up with a less disturbing answer. For carnivorous animals, eating meat is nutritionally better than sipping blood alone, he says. So vampirism might not offer much of an advantage. “If you don’t need to be light and you’re not a parasite,” he says, there’s “no point in limiting yourself to blood.” So maybe vampiric tadpoles aren’t part of some creepy future after all.
Some adult fishes have evolved blood feeding, even mainstream vertebrates with jaws and bones (unlike cartilage-only jawless lampreys). Among the clear-cut bony examples are some Vandellia canidru catfishes, which fasten onto a gill of a much larger fish and let the fish heart pump sustenance into them as they nestle inside the protected gill chamber. (This is different from the supposed, or maybe mythical, tendency of some canidru catfishes to misunderstand fluid streams and swim up the urethras of humans in the water.)

Among vertebrates, vampirism inside or outside of gills might have arisen from ancestors that hitchhiked on big fishes and nibbled off parasites, in the same way modern remoras (also known as suckerfish) do, suggests parasitologist Tommy Leung of the University of New England in Armidale, Australia. Biologists already know about parasite-picker species, such as some cleaner fish, that will cheat and nip mucus or scales if they can get them. Actual blood-sucking cheats could be mere geologic ages away from that evolutionary step. Vertebrates may have relatively few vampires, but a greater number of almost-vampires.

Full-scale vampirism “is a tough way to make a living,” says William Schutt of Long Island University in Brookville, NY, and author of a book on the topic, Dark Banquet. But also, he adds, one big reason why there are fewer vertebrate vampires than arthropod bloodsuckers may be in the numbers. There are just fewer vertebrates: an estimated 60,000 versus a whopping 10 million arthropods.

Imagine you’re a red-footed booby napping on a not-quite-high-enough branch of a tree. It’s nighttime on an island in the middle of the Indian Ocean, and you can’t see much of what’s around you. Then, out of the darkness comes a monster. Its claw grabs you, breaking bones and dragging you to the ground. You don’t realize it yet, but you’re doomed. The creature breaks more of your bones. You struggle, but it’s a fruitless effort. Soon the other monsters smell your blood and converge on your body, ripping it apart over the next few hours.

The monster in this horror-film scenario is a coconut crab, the world’s largest terrestrial invertebrate, which has a leg span wider than a meter and can weigh more than four kilograms.

But this is no page from a screenplay. Biologist Mark Laidre of Dartmouth University actually witnessed this scene in March 2016, during a two-month field expedition to study the crabs in the Chagos Archipelago.

Laidre, an expert on hermit crabs, had been “dying to study” their humongous cousins. Little is known about the crabs, he notes. A study earlier this year looked at the force a coconut crab’s claw can exert in the lab. But, he says, “there’s still not a single paper on how they open a coconut.”
He trekked to the remote spot in the Indian Ocean because he wanted to study the crabs in a place where few people would interfere with their natural behaviors. Laidre had heard stories that coconut crabs killed rats, and he later witnessed them munching on the rodents on the islands. “Clearly it’s in their repertoire to eat something big,” he says. And when he took inventory of the crabs’ burrows, he found the carcass of an almost full-grown red-footed booby in one. “At the time, I had assumed it was something that had died … and the crab had dragged in there,” he recalls.

But then, in the middle of the night, he saw a crab attack a bird sleeping in a tree, and he managed to catch part of the event on film. “I didn’t have the heart to videotape five coconut crabs tearing apart the bird later,” he says. “It was a little bit overwhelming. I had trouble sleeping that night.”
After the event, Laidre heard a story from a local plantation worker who had witnessed something similar a couple of years earlier. “He was sitting and eating a sandwich, and this coconut crab came right out its burrow in the middle of the daytime when … a red-footed booby… landed outside of its burrow,” Laidre says. The crab grabbed the bird’s leg and pulled it into the burrow. “The bird never emerged.”

It’s difficult to tell how often attacks like this happen, whether they’re rare or common. “Predation itself is something you don’t often witness,” Laidre says. He’d like to someday install camera traps on the islands to get a better sense of the crabs’ behavior.

But while he was in the Chagos, he did find himself in a sort of natural experiment that gave him some insight into the effect of the crabs on local bird populations. Coconut crabs live on only some of the islands. Birds can live on any of them, but their populations vary from island to island. So Laidre surveyed the islands, walking transects and counting crabs and bird nests.
“The pattern I found across the island was pronounced,” Laidre writes November 1 in Frontiers in Ecology and the Environment. On Diego Garcia, for example, a 15-kilometer transect revealed 1,000 crabs and no nesting birds. Crab-free West Island, in contrast, had an abundance of ground nests of nesting noddies.

Laidre suspects that the coconut crabs act as a “ruler of the atoll,” keeping ground-nesting bird species from finding homes on crab-filled islands. On other islands with large populations of birds, those birds might help to keep their islands crab-free by eating juvenile coconut crabs, preventing them from colonizing there.

“It’s easy to sympathize with the prey,” Laidre says, “but at the same time, there’s a lot of ecological roles that that sort of action has.”

Ultrasound can now track bacteria in the body like sonar detects submarines.

For the first time, researchers have genetically modified microbes to form gas-filled pouches that scatter sound waves to produce ultrasound signals. When these bacteria are placed inside an animal, an ultrasound detector can pick up those signals and reveal the microbes’ location, much like sonar waves bouncing off ships at sea, explains study coauthor Mikhail Shapiro, a chemical engineer at Caltech.

This technique, described in the Jan. 4 Nature, could help researchers more closely monitor microbes used to seek and destroy tumors or treat gut diseases (SN: 11/1/14, p. 18).
Repurposing ultrasound, a common tissue-imaging method, to map microbes creates “a tool that nobody thought was even conceivable,” says Olivier Couture, a medical biophysicist at the French National Center for Scientific Research in Paris, who wasn’t involved in the work.

Until now, researchers have tracked disease-fighting bacteria in the body by genetically engineering them to glow green in ultraviolet images. But that light provides only blurry views of microbes in deeper tissue — if it can be seen at all. With ultrasound, “we can go centimeters deep and still see things with a spatial precision on the order of a hundred micrometers,” Shapiro says.

Story continues below image
Shapiro and his colleagues engineered a strain of E. coli used to treat gut infection to form gas compartments, and injected these bacteria into mice’s bellies. Unlike glowing bacteria — which could only be pinpointed to somewhere in a mouse’s abdomen — ultrasound images located the gas-filled microbes in the colon. The researchers also used their ultrasound technique in mice to image Salmonella bacteria, which could be used to deliver cancer-killing drugs to tumor cells.

Bacteria that produce ultrasound signals can also be designed to help diagnose illnesses, Shapiro says. For instance, a patient could swallow bacteria engineered to create gas pockets wherever the microbes sense inflammation. A doctor could then use ultrasound to search for inflamed tissue, rather than performing a more invasive procedure like a colonoscopy.

Consider everything your smartphone has done for you today. Counted your steps? Deposited a check? Transcribed notes? Navigated you somewhere new?

Smartphones make for such versatile pocket assistants because they’re equipped with a suite of sensors, including some we may never think — or even know — about, sensing, for example, light, humidity, pressure and temperature.

Because smartphones have become essential companions, those sensors probably stayed close by throughout your day: the car cup holder, your desk, the dinner table and nightstand. If you’re like the vast majority of American smartphone users, the phone’s screen may have been black, but the device was probably on the whole time.

“Sensors are finding their ways into every corner of our lives,” says Maryam Mehrnezhad, a computer scientist at Newcastle University in England. That’s a good thing when phones are using their observational dexterity to do our bidding. But the plethora of highly personal information that smartphones are privy to also makes them powerful potential spies.
Online app store Google Play has already discovered apps abusing sensor access. Google recently booted 20 apps from Android phones and its app store because the apps could — without the user’s knowledge — record with the microphone, monitor a phone’s location, take photos, and then extract the data. Stolen photos and sound bites pose obvious privacy invasions. But even seemingly innocuous sensor data can potentially broadcast sensitive information. A smartphone’s movement may reveal what users are typing or disclose their whereabouts. Even barometer readings that subtly shift with increased altitude could give away which floor of a building you’re standing on, suggests Ahmed Al-Haiqi, a security researcher at the National Energy University in Kajang, Malaysia.

These sneaky intrusions may not be happening in real life yet, but concerned researchers in academia and industry are working to head off eventual invasions. Some scientists have designed invasive apps and tested them on volunteers to shine a light on what smartphones can reveal about their owners. Other researchers are building new smartphone security systems to help protect users from myriad real and hypothetical privacy invasions, from stolen PIN codes to stalking.

Message revealed
Motion detectors within smartphones, like the accelerometer and the rotation-sensing gyroscope, could be prime tools for surreptitious data collection. They’re not permission protected — the phone’s user doesn’t have to give a newly installed app permission to access those sensors. So motion detectors are fair game for any app downloaded onto a device, and “lots of vastly different aspects of the environment are imprinted on those signals,” says Mani Srivastava, an engineer at UCLA.

For instance, touching different regions of a screen makes the phone tilt and shift just a tiny bit, but in ways that the phone’s motion sensors pick up, Mehrnezhad and colleagues demonstrated in a study reported online April 2017 in the International Journal of Information Security. These sensors’ data may “look like nonsense” to the human eye, says Al-Haiqi, but sophisticated computer programs can discern patterns in the mess and match segments of motion data to taps on various areas of the screen.

For the most part, these computer programs are machine-learning algorithms, Al-Haiqi says. Researchers train them to recognize keystrokes by feeding the programs a bunch of motion sensor data labeled with the key tap that produces particular movement. A pair of researchers built TouchLogger, an app that collects orientation sensor data and uses the data to deduce taps on smartphones’ number keyboards. In a test on HTC phones, reported in 2011 in San Francisco at the USENIX Workshop on Hot Topics in Security, TouchLogger discerned more than 70 percent of key taps correctly.

Since then, a spate of similar studies have come out, with scientists writing code to infer keystrokes on number and letter keyboards on different kinds of phones. In 2016 in Pervasive and Mobile Computing, Al-Haiqi and colleagues reviewed these studies and concluded that only a snoop’s imagination limits the ways motion data could be translated into key taps. Those keystrokes could divulge everything from the password entered on a banking app to the contents of an e-mail or text message.

Story continues below graphs
A more recent application used a whole fleet of smartphone sensors — including the gyroscope, accelerometer, light sensor and magnetism-measuring magnetometer — to guess PINs. The app analyzed a phone’s movement and how, during typing, the user’s finger blocked the light sensor. When tested on a pool of 50 PIN numbers, the app could discern keystrokes with 99.5 percent accuracy, the researchers reported on the Cryptology ePrint Archive in December.

Other researchers have paired motion data with mic recordings, which can pick up the soft sound of a fingertip tapping a screen. One group designed a malicious app that could masquerade as a simple note-taking tool. When the user tapped on the app’s keyboard, the app covertly recorded both the key input and the simultaneous microphone and gyroscope readings to learn the sound and feel of each keystroke.

The app could even listen in the background when the user entered sensitive info on other apps. When tested on Samsung and HTC phones, the app, presented in the Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless and Mobile Networks, inferred the keystrokes of 100 four-digit PINs with 94 percent accuracy.

Al-Haiqi points out, however, that success rates are mostly from tests of keystroke-deciphering techniques in controlled settings — assuming that users hold their phones a certain way or sit down while typing. How these info-extracting programs fare in a wider range of circumstances remains to be seen. But the answer to whether motion and other sensors would open the door for new privacy invasions is “an obvious yes,” he says.

Tagalong
Motion sensors can also help map a person’s travels, like a subway or bus ride. A trip produces an undercurrent of motion data that’s discernible from shorter-lived, jerkier movements like a phone being pulled from a pocket. Researchers designed an app, described in 2017 in IEEE Transactions on Information Forensics and Security, to extract the data signatures of various subway routes from accelerometer readings.

In experiments with Samsung smartphones on the subway in Nanjing, China, this tracking app picked out which segments of the subway system a user was riding with at least 59, 81 and 88 percent accuracy — improving as the stretches expanded from three to five to seven stations long. Someone who can trace a user’s subway movements might figure out where the traveler lives and works, what shops or bars the person frequents, a daily schedule, or even — if the app is tracking multiple people — who the user meets at various places.
Accelerometer data can also plot driving routes, as described at the 2012 IEEE International Conference on Communication Systems and Networks in Bangalore, India. Other sensors can be used to track people in more confined spaces: One team synced a smartphone mic and portable speaker to create an on-the-fly sonar system to map movements throughout a house. The team reported the work in the September 2017 Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies.

“Fortunately there is not anything like [these sensor spying techniques] in real life that we’ve seen yet,” says Selcuk Uluagac, an electrical and computer engineer at Florida International University in Miami. “But this doesn’t mean there isn’t a clear danger out there that we should be protecting ourselves against.”

That’s because the kinds of algorithms that researchers have employed to comb sensor data are getting more advanced and user-friendly all the time, Mehrnezhad says. It’s not just people with Ph.D.s who can design the kinds of privacy invasions that researchers are trying to raise awareness about. Even app developers who don’t understand the inner workings of machine-learning algorithms can easily get this kind of code online to build sensor-sniffing programs.

What’s more, smartphone sensors don’t just provide snooping opportunities for individual cybercrooks who peddle info-stealing software. Legitimate apps often harvest info, such as search engine and app download history, to sell to advertising companies and other third parties. Those third parties could use the information to learn about aspects of a user’s life that the person doesn’t necessarily want to share.

Take a health insurance company. “You may not like them to know if you are a lazy person or you are an active person,” Mehrnezhad says. “Through these motion sensors, which are reporting the amount of activity you’re doing every day, they could easily identify what type of user you are.”

Sensor safeguards
Since it’s only getting easier for an untrusted third party to make private inferences from sensor data, researchers are devising ways to give people more control over what information apps can siphon off of their devices. Some safeguards could appear as standalone apps, whereas others are tools that could be built into future operating system updates.

Uluagac and colleagues proposed a system called 6thSense, which monitors a phone’s sensor activity and alerts its owner to unusual behavior, in Vancouver at the August 2017 USENIX Security Symposium. The user trains this system to recognize the phone’s normal sensor behavior during everyday tasks like calling, Web browsing and driving. Then, 6thSense continually checks the phone’s sensor activity against these learned behaviors.

If someday the program spots something unusual — like the motion sensors reaping data when a user is just sitting and texting — 6thSense alerts the user. Then the user can check if a recently downloaded app is responsible for this suspicious activity and delete the app from the phone.

Uluagac’s team recently tested a prototype of the system: Fifty users trained Samsung smartphones with 6thSense to recognize their typical sensor activity. When the researchers fed the 6thSense system examples of benign data from daily activities mixed in with segments of malicious sensor operations, 6thSense picked out the problematic bits with over 96 percent accuracy.
For people who want more active control over their data, Supriyo Chakraborty, a privacy and security researcher at IBM in Yorktown Heights, N.Y., and colleagues devised DEEProtect, a system that blunts apps’ abilities to draw conclusions about certain user activity from sensor data. People could use DEEProtect, described in a paper posted online at arXiv.org in February 2017, to specify preferences about what apps should be allowed to do with sensor data. For example, someone may want an app to transcribe speech but not identify the speaker.

DEEProtect intercepts whatever raw sensor data an app tries to access and strips that data down to only the features needed to make user-approved inferences. For speech-to-text translation, the phone typically needs sound frequencies and the probabilities of particular words following each other in a sentence.

But sound frequencies could also help a spying app deduce a speaker’s identity. So DEEProtect distorts the dataset before releasing it to the app, leaving information on word orders alone, since that has little or no bearing on speaker identity. Users can control how much DEEProtect changes the data; more distortion begets more privacy but also degrades app functions.

In another approach, Giuseppe Petracca, a computer scientist and engineer at Penn State, and colleagues are trying to protect users from accidentally granting sensor access to deceitful apps, with a security system called AWare.

Apps have to get user permission upon first installation or first use to access certain sensors like the mic and camera. But people can be cavalier about granting those blanket authorizations, Uluagac says. “People blindly give permission to say, ‘Hey, you can use the camera, you can use the microphone.’ But they don’t really know how the apps are using these sensors.”

Instead of asking permission when a new app is installed, AWare would request user permission for an app to access a certain sensor the first time a user provided a certain input, like pressing a camera button. On top of that, the AWare system memorizes the state of the phone when the user grants that initial permission — the exact appearance of the screen, sensors requested and other information. That way, AWare can tell users if the app later attempts to trick them into granting unintended permissions.

For instance, Petracca and colleagues imagine a crafty data-stealing app that asks for camera access when the user first pushes a camera button, but then also tries to access the mic when the user later pushes that same button. The AWare system, also presented at the 2017 USENIX Security Symposium, would realize the mic access wasn’t part of the initial deal, and would ask the user again if he or she would like to grant this additional permission.

Petracca and colleagues found that people using Nexus smartphones equipped with AWare avoided unwanted authorizations about 93 percent of the time, compared with 9 percent among people using smartphones with typical first-use or install-time permission policies.

The price of privacy
The Android security team at Google is also trying to mitigate the privacy risks posed by app sensor data collection. Android security engineer Rene Mayrhofer and colleagues are keeping tabs on the latest security studies coming out of academia, Mayrhofer says.

But just because someone has built and successfully tested a prototype of a new smartphone security system doesn’t mean it will show up in future operating system updates. Android hasn’t incorporated proposed sensor safeguards because the security team is still looking for a protocol that strikes the right balance between restricting access for nefarious apps and not stunting the functions of trustworthy programs, Mayrhofer explains.

“The whole [app] ecosystem is so big, and there are so many different apps out there that have a totally legitimate purpose,” he adds. Any kind of new security system that curbs apps’ sensor access presents “a real risk of breaking” legitimate apps.

Tech companies may also be reluctant to adopt additional security measures because these extra protections can come at the cost of user friendliness, like AWare’s additional permissions pop-ups. There’s an inherent trade-off between security and convenience, UCLA’s Srivastava says. “You’re never going to have this magical sensor shield [that] gives you this perfect balance of privacy and utility.”

But as sensors get more pervasive and powerful, and algorithms for analyzing the data become more astute, even smartphone vendors may eventually concede that the current sensor protections aren’t cutting it. “It’s like cat and mouse,” Al-Haiqi says. “Attacks will improve, solutions will improve. Attacks will improve, solutions will improve.”

The game will continue, Chakraborty agrees. “I don’t think we’ll get to a place where we can declare a winner and go home.”