Mobility traces have been widely used in the design and evaluation of mobile networks. To mitigate the privacy threat of publishing mobility traces, the traces are often anonymized and obfuscated. However, even with anonymization and obfuscation techniques, traces can still be deanonymized by exploiting some side information such as users' co-location. With online social networks, mobile users increasingly report their co-locations with other users. For example, a user may report being with friends at a restaurant for lunch or dinner, and hence his friends' location information can be inferred. To find out whether co-location information can be exploited to identify a user and reveal his behavior from a set of mobility traces, we use a dataset from Twitter and Swarm to illustrate how an adversary can gather side information consisting of users' location and co-location. Based on the collected information, the adversary can run a simple yet effective location inference attack. We generalize this attack, formulate the identity inference problem, and develop inference attacks, under different observed side information, that deem effective in identifying the users. We perform comprehensive experimental analysis based on real datasets for taxi cabs and buses. The evaluation results show that co-location information can be used to significantly improve the accuracy of the identity inference attack.