The increasing presence of smart mobile devices in sensitive environments raises significant security and privacy concerns, particularly due to the unauthorized usage of built-in sensors such as cameras and microphones. However, space owners currently have limited means to enforce restrictions on mobile devices within their premises. To address this issue, we propose a novel location-based access control system utilizing bluetooth low energy (BLE) beacons to dynamically enforce security policies. The proposed system introduces the jumbo beacon concept, which enables fragmented transmission and reassembly of signed access control policies, overcoming BLE payload limitations. Unlike centralized enforcement models, our approach is fully decentralized, eliminating the need for a trusted central server and providing a flexible, scalable mechanism for enforcing fine-grained access policies. The system is implemented as a native security module within the Android operating system, ensuring tamper-resistant enforcement of policies while preventing unauthorized modifications. A proof-of-concept implementation demonstrates the system’s effectiveness, highlighting its real-time policy enforcement capabilities and resilience against adversarial threats. The results indicate that our approach offers a lightweight, scalable, and secure solution for enforcing location-based access control in dynamic environments.
FuJYiYWangX, et al.Research on Mobile Computing and Network Security. New York, NY, USA: Association for Computing Machinery, 2025.
5.
FarhadighalatiNEstrada-JimenezLANikghadam HojjatiS, et al.A systematic review of access control models: Background, existing research, and challenges. IEEE Access2025; 13: 1–1.
6.
ChowdaryTNRajPPAnupamaC, et al.Location & user profile based mobile application access. In: International conference on informatics and analytics. Association for Computing Machinery. ISBN 9781450347563.
7.
RoesnerFMolnarDMoshchukA, et al.World-driven access control for continuous sensing. In: ACM conference on computer and communications security. Association for Computing Machinery. ISBN 9781450329576, p.1169–1181.
8.
Rubio-MedranoCEJoganiSLeitnerM, et al.Effectively enforcing authorization constraints for emerging space-sensitive technologies. In: ACM symposium on access control models and technologies. association for computing machinery. ISBN 9781450367530, p.195–206.
9.
AbdullaAKBakirasSSheJ. ICMS: A flexible location-based access control system for mobile devices. IEEE Syst J2023; 17: 1536–1547.
10.
BertinoEKirkpatrickMS. Location-based access control systems for mobile users: Concepts and research directions. In: ACM International workshop on security and privacy in GIS and LBS. Association for Computing Machinery. ISBN 9781450310321, p.49–52.
OluwatimiOMidiDBertinoE. A context-aware system to secure enterprise content. In: ACM symposium on access control models and technologies. Association for Computing Machinery. ISBN 9781450338028, p.63–72.
13.
MartinPDRushananMTantilloT, et al.Applications of secure location sensing in healthcare. In: ACM International conference on bioinformatics, computational biology, and health informatics. Association for Computing Machinery. ISBN 9781450342254, p.58–67.
14.
KirkpatrickMSDamianiMLBertinoE. Prox-rbac: A proximity-based spatially aware RBAC. In: ACM international symposium on advances in geographic information systems. Association for Computing Machinery. ISBN 9781450310314, p.339–348.
15.
CruzIFGjomemoRLinB, et al.A location aware role and attribute based access control system. In: International symposium on advances in geographic information systems. Association for Computing Machinery. ISBN 9781605583235.
16.
KirkpatrickMSBertinoE. Enforcing spatial constraints for mobile RBAC systems. In: ACM symposium on access control models and technologies. Association for Computing Machinery. ISBN 9781450300490, p.99–108.
17.
HsuACRayI. Specification and enforcement of location-aware attribute-based access control for online social networks. In: ACM international workshop on attribute based access control. Association for Computing Machinery. ISBN 9781450340793, p.25–34.
18.
ZhuYMaDHuangD, et al.Enabling secure location-based services in mobile cloud computing. In: ACM SIGCOMM workshop on mobile cloud computing. Association for Computing Machinery. ISBN 9781450321808, p.27–32.
19.
HengartnerUSteenkisteP. Implementing access control to people location information. In: ACM symposium on access control models and technologies. Association for Computing Machinery. ISBN 1581138725, p.11–20.
20.
KarimiLPalanisamyBJoshiJ. A dynamic privacy aware access control model for location based services. In: IEEE international conference on collaboration and internet computing. pp.554–557. DOI: 10.1109/CIC.2016.084.
21.
MainaliPShepherdCPetitcolasFA. Privacy-enhancing context authentication from location-sensitive data. In: International conference on availability, reliability and security. Association for Computing Machinery. ISBN 9781450371643.
22.
ArdagnaCACremoniniMDamianiE, et al.Supporting location-based conditions in access control policies. In: ACM symposium on information, computer and communications security. Association for Computing Machinery. ISBN 1595932720, p.212–222.
23.
AbdouAMatrawyAvan OorschotPC. Accurate manipulation of delay-based internet geolocation. In: ACM on asia conference on computer and communications security. Association for Computing Machinery. ISBN 9781450349444, p.887–898.
24.
CleeffAPietersWWieringaR. Benefits of location-based access control: A literature study. In: IEEE/ACM international conference on green computing and communications international conference on cyber, physical and social computing. pp.739–746. DOI: 10.1109/GreenCom-CPSCom.2010.148.
25.
DeckerM. Requirements for a location-based access control model. In: ACM International conference on advances in mobile computing and multimedia. Association for Computing Machinery. ISBN 9781605582696, p.346–349.
Feasycom fsc-bp104d: Bluetooth 5.1 waterproof ip67 beacon — 10-year battery life — ibeacon, eddystone, altbeacon support, 2025. https://www.feasycom.com/product/fsc-bp104d.
30.
BhatPDuttaK. A survey on various threats and current state of security in android platform. ACM Comput Surv2019; 52: 1–35.
31.
AldoseriAChothiaTMoreiraJ, et al.Symbolic modelling of remote attestation protocols for device and app integrity on android. In: Proceedings of the 2023 ACM Asia conference on computer and communications security. ASIA CCS ’23, New York, NY, USA: Association for Computing Machinery. ISBN 9798400700989, p. 218–231. DOI: 10.1145/3579856.3582812.
32.
IbrahimMImranABianchiA. Safetynot: on the usage of the safetynet attestation api in android. In: Proceedings of the 19th annual international conference on mobile systems, applications, and services. MobiSys ’21, New York, NY, USA: Association for Computing Machinery. ISBN 9781450384438, p.150–162. DOI: 10.1145/3458864.3466627.
33.
Overview of the Play Integrity API | Android Developers, 2025. https://developer.android.com/google/play/integrity/overview.
