SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

Androids caught secretly reporting location data regardless of opt-out

By Lisa Vaas, Sophos

November 24, 2017

Android users, are you wary about being tracked via your phone’s location data?

…So worried that you turn off location services for apps in your settings?

…So cautious that you haven’t even inserted a carrier SIM card?

Well, that’s all been an exercise in futility!

A new report from Quartz has discovered that Google’s been collecting the locations of Androids (and therefore their users) – triangulating them via nearby cell towers.

Quartz tested it on devices that had no apps installed, that lacked SIM cards, and that had location services turned off.

Google has confessed. Yes, it said when contacted by Quartz, it’s been calling home with cellphone tower data since January 2017, in spite of our privacy concerns and the preferences we stipulate in settings.

A Google spokesperson told Quartz that Android devices have been sending the addresses of nearby cell towers as part of the system Google uses to manage push notifications and messages.

The location data was never used, and therefore was never stored, according to the spokesperson. (If you don’t find that particularly comforting, too bad – it’s not possible to disable the feature.)

However, the spokesperson told Quartz that Google is “taking steps to end the practice… at least as part of this particular service.” Google didn’t say whether there are other Android services that do this, but it did say that Android phones will stop snarfing up cell tower location data by next Thursday.

It wasn’t a bug, the spokesperson said in an email. It was intended as a way to grease the wheels of our messaging!

In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery. However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.

The finding pertains to all modern Android devices. Quartz talked to a source familiar with the matter who said that Google started collecting the cell tower addresses after it changed its Firebase Cloud Messaging service, which is owned by Google and runs on Android phones by default.

Quartz observed the location data being shared even on devices reset to factory default settings and apps. Mobile phones keep in touch with the cellular network even if you don’t have a SIM card inserted, which is why you’ll see a signal strength indicator even when you’re not able to make calls. So, Google gets data every time a device comes within range of a new cell tower, and as long as the device has internet access – even if you’re only connected over Wi-Fi- Google can call home with that data.

Terms of Use | Copyright © 2002 - 2017 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement