A factor contributing to the rapid proliferation of smart phones and other mobile computing devices is the incorporation of sensors into these devices. Specifically, mobile computing devices can be equipped with many different types of sensors, including, but not limited to, a geolocation sensor (e.g. a global positioning system (GPS) sensor), a camera, a microphone, a velocity sensor, an accelerometer, a proximity sensor, combinations thereof, and so on. The incorporation of such sensors into mobile computing devices has contributed to a rise in a number of applications that perform a service based at least in part upon readings from such sensors. In an example, a mapping application can receive a current location of a user (from a geolocation sensor in a mobile computing device of the user that outputs location data) and can present the user with a map of a region immediately surrounding such user, as well as driving directions to different locations, based upon the data from the geolocation sensor.
In conventional implementations of mobile computing devices there is little, if any, mechanism in place that authenticates that data output by sensors on mobile computing devices are authentic, and have not been subject to modification by a user or software executing on the mobile computing device. Pursuant to an example, an application executing on the mobile computing device may call an application programming interface (API) that is configured to enable retrieval of a sensor reading from a GPS sensor on the mobile computing device. The application, the user, or other malicious software can modify a value output by the GPS sensor, such that the value consumed by an application or a cloud service is inaccurate.
Conventionally there has been little, if any, concern regarding the lack of trustworthiness of sensor readings in mobile computing devices, as typically a user or software program has no reason to modify values output by a sensor on a mobile computing device. Continuing with the mapping application example set forth above, a user has no reason to attempt to deceive a mapping application about her true location, as doing so only prevents the user from receiving optimal services provided by a mapping cloud service. That is, if the user wishes to receive directions from a current location to an intended destination, the user has no incentive to modify a value output by a GPS sensor to mask her true location.