Using the plethora of apps on smartphones andtablets entails giving them access to different types of privacysensitive information, including the device's location. This canpotentially compromise user privacy when app providers shareuser data with third parties (e.g., advertisers) for monetizationpurposes. In this paper, we focus on the interface for datasharing between app providers and third parties, and devisean attack that can break the strongest form of the commonlyused anonymization method for protecting the privacy of users. More specifically, we develop a mechanism called Comberthat given completely anonymized mobility data (without anypseudonyms) as input is able to identify different users andtheir respective paths in the data. Comber exploits the observationthat the distribution of speeds is typically similar amongdifferent users and incorporates a generic, empirically derivedhistogram of user speeds to identify the users and disentangletheir paths. Comber also benefits from two optimizations thatallow it to reduce the path inference time for large datasets. Weuse two real datasets with mobile user location traces (MobileData Challenge and GeoLife) for evaluating the effectivenessof Comber and show that it can infer paths with greater than 90% accuracy with both these datasets.