To path indicator Subpages of “Newsdetail“ To navigation by target groups To navigation by topic To quick access To footer with other services
To content
Panoramic view on the North Campus © Jürgen Huhn​/​TU Dortmund
Researchers Detect Security Gap

Delivery Confirmation in Messenger Apps Reveals Recipient’s Location

-
in
  • Top News
  • Research
Various icons of messenger apps can be seen on a display. © Thomas Ulrich​/​Pixabay
From the time interval between the appearance of a delivery confirmation on messenger apps, it is possible to determine the location of the target phone under certain conditions.
An international research group led by Dr. Theodor Schnitzler from TU Dortmund University has detected a vulnerability in messenger services: It is possible to distinguish different locations of a person in your contact list by measuring how long it takes until a message is delivered. The results of the paper, which has already been peer-reviewed, have now been published as a preprint and will be presented at an international symposium in the USA next spring.

WhatsApp, Threema and Signal users are familiar with the following procedure: After sending a message, it is marked with a check mark. As soon as the message has reached its recipient, a second check mark appears as confirmation. Under certain conditions, however, the time span between the first check mark appearing and then the second one can be used to establish where the target cell phone is located, as a research team led by Dr. Theodor Schnitzler has discovered.

Data traffic analyzed by software

Dr. Schnitzler began his research work on this topic during his doctoral degree at Ruhr-Universität Bochum (RUB) and completed it at the Research Center Trustworthy Data Science and Security of the University Alliance Ruhr at TU Dortmund University. During a stay in Abu Dhabi, he and his international colleagues noticed that it took longer than usual until a Messenger message sent to Germany was marked as received with the second check mark. To study this phenomenon, they connected a smartphone to laptop software that sent a message every ten seconds to recipient cell phones in Germany, the Netherlands, Greece and the United Arab Emirates, and then analyzed the data traffic that occurred.

Portrait of Dr. Theodor Schnitzler © Martina Hengesbach​/​TU Dortmund
Dr. Theodor Schnitzler forscht am Research Center Trustworthy Data Science and Security der Universitätsallianz Ruhr an der TU Dortmund.

They discovered that there was a characteristic time span until the delivery confirmation arrived – depending on the destination country. With this information, they were able to determine in reverse and with an accuracy of 74% (Signal and WhatsApp) and 84% (Threema) in which of these countries the recipient device was located. In a second step, the researchers repeated the experiment on a local level and sent messages via the software to smartphones in various cities and towns in the Ruhr region. Here, too, they were able to measure a characteristic delivery time depending on the location and then determine the location of the recipient cell phone with an accuracy of over 90% in some cases. It is also possible to read very reliably from the data whether the receiving device is in a WLAN network or using mobile internet.

Profile of a person must be known

However, the data can only be interpreted with prior knowledge. "It is not possible to establish distances by measuring time," explains Schnitzler. In addition, messenger apps only send delivery confirmation if the recipient has saved the sender's cell phone number in their contacts, meaning that it is not possible to identify the previously unknown locations of just any cell phone number using this method. "But if you already know where the smartphone is usually located – for example because you know where a person lives, works or goes to the gym – you can use software to measure the characteristic time span until the delivery confirmation is sent and find out later whether the person concerned is in one of those places by sending them a message."

In certain situations, the method could nevertheless pose a safety risk, for example in the context of stalking.

Schnitzler and his co-researchers Katharina Kohls (Radboud University, Netherlands) and Evangelos Bitsikas and Christina Pöpper (New York University Abu Dhabi) will present their paper in spring 2023 at the prestigious Network and Distributed System Security (NDSS) Symposium in San Diego, USA. In it, they already suggest ways to eliminate the vulnerability: For example, the delivery confirmation could be given a random time delay in the range of a few seconds, which prevents the sender from establishing the recipient's location. Or the messenger services could provide their users with the option to switch off delivery confirmations entirely. Threema has already announced that it plans to check the issue.

Link to the preprint

Contact for inquiries:

To top of page