Entropy Collapse in Mobile Sensors: The Hidden Risks of Sensor-Based Security

Mobile sensor data has been proposed for security-critical applications such as device pairing, proximity detection, and continuous authentication. However, the foundational assumption that these signals provide sufficient entropy remains under-explored. In this work, we systematically analyse the entropy of mobile sensor data across four diverse datasets spanning multiple application contexts. Our findings reveal pervasive biases, with single-sensor mean min-entropy values ranging from 3.408-4.483 bits (S.D.=1.018-1.574) despite Shannon entropy being several multiples higher. We further demonstrate that correlations between sensor modalities reduce the worst-case entropy of using multiple sensors by up to approx. 75% compared to average-case Shannon entropy. This brings joint min-entropy well below 10 bits in many cases and, in the best case, yielding only approx. 24 bits of min-entropy when combining 20 sensor modalities. These results call into question the widely held assumption that adding more sensors inherently yields higher security. We ultimately caution against relying on raw sensor data as a primary source of randomness.