> The question is whether anyone is really using this technique.

No. This is not at all the question. A possible privacy breach is a serious issue, regardless of whether there is a working POC. If this data is somehow compromised, a stalker could get your identity just by following you a few minutes on the street.

Sure, but the article makes it seem that this is a thing done in a wild on a mass scale which is implausible.

a stalker wouldn't be able to accelerate the same as you

If they were on the same public transport vehicle, that would likely be a different situation.

I recall that Snapchat explicitly mentioned accelerometer data in their privacy policy - why would you mention it unless you did or have plans to use accelerometer data in the future?

I don't think it would require significant bandwidth; the data is just integers which can be collected, compressed and uploaded asynchronously (as part of another heavy upload such as someone sending a picture). The analysis part could be similar to how Shazam works, but that can be done on the server side so on-device performance isn't a concern.

A single simple would be three doubles and a timestamp (64 bit int). Accelerometer max update rate is 100hz. So all possible samples each second would be 3200 bytes. So bandwidth doesn't appear to be a big issue.

Which also means reduced battery.

Most of the aforementioned apps already have autoplaying media and/or keep the camera running in the background (officially for quicker access to it when the user opens the camera view, as it normally takes a second or so to initialize it). Seems like collecting accelerometer data is a drop in the bucket in comparison.