Android, Information Security, Top News

Androids caught secretly reporting location data regardless of opt-out



Android users, are you wary about being tracked via your phone’s location data?

…So worried that you turn off location services for apps in your settings?

…So cautious that you haven’t even inserted a carrier SIM card?

Well, that’s all been an exercise in futility!

A new report from Quartz has discovered that Google’s been collecting the locations of Androids (and therefore their users) – triangulating them via nearby cell towers.

Quartz tested it on devices that had no apps installed, that lacked SIM cards, and that had location services turned off.

Google has confessed. Yes, it said when contacted by Quartz, it’s been calling home with cellphone tower data since January 2017, in spite of our privacy concerns and the preferences we stipulate in settings.

A Google spokesperson told Quartz that Android devices have been sending the addresses of nearby cell towers as part of the system Google uses to manage push notifications and messages.

The location data was never used, and therefore was never stored, according to the spokesperson. (If you don’t find that particularly comforting, too bad – it’s not possible to disable the feature.)

However, the spokesperson told Quartz that Google is “taking steps to end the practice… at least as part of this particular service.” Google didn’t say whether there are other Android services that do this, but it did say that Android phones will stop snarfing up cell tower location data by next Thursday.

It wasn’t a bug, the spokesperson said in an email. It was intended as a way to grease the wheels of our messaging!

In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery. However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.

The finding pertains to all modern Android devices. Quartz talked to a source familiar with the matter who said that Google started collecting the cell tower addresses after it changed its Firebase Cloud Messaging service, which is owned by Google and runs on Android phones by default.



Quartz observed the location data being shared even on devices reset to factory default settings and apps. Mobile phones keep in touch with the cellular network even if you don’t have a SIM card inserted, which is why you’ll see a signal strength indicator even when you’re not able to make calls. So, Google gets data every time a device comes within range of a new cell tower, and as long as the device has internet access – even if you’re only connected over Wi-Fi- Google can call home with that data.

You don’t have to look far to find instances where location data has been used in surveillance scenarios in which the information of scads of unintended targets gets caught up in dragnets. One of the most notorious such dragnets was revealed by Edward Snowden, when he released documents that showed that the National Security Agency (NSA) was collecting and storing data in a vast database that contained the locations of at least hundreds of millions of devices.

Nevertheless, there’s no evidence that Google was up to no good, and therefore no obvious reason to distrust the statement that the data was submitted but discarded.

After all, after the Google Wi-Spy scandal – where Street View cars drove around sniffing out Wi-fi network names but accidentally saved additional data fragments along the way, soemtimes including passwords, usernames, email contents and so on – you’d like to think that Google wouldn’t keep data it wasn’t directly using.

How does one avoid being tracked by cell phone towers that track you even with location services turned off? Most consumers would likely imagine that powering down their handsets should prevent it from emitting or receiving a signal. They might be wrong.

With Snowden’s release of documents, the possibility arose that the NSA can even trace a phone that’s powered off. In fact, the US State Department’s Bureau of Diplomatic Security in 2013 warned those traveling to the Winter Olympic Games in Russia to be extremely cautious with communications. The department’s list of precautions included removing batteries from phones entirely when not in use. Snowden himself told people to store their phones in the refrigerator, given that it’s a Faraday cage that blocks electromagnetic fields.

So there you have it: if you’re really worried about tracking, it seems you only have two choices: de-batterize the sucker, or get your kitchen appliances to shut it up.




Source : Naked Security



Previous ArticleNext Article

Founder and Editor-in-Chief of ‘Professional Hackers India’. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.