Sign in with
Sign up | Sign in

Android May Be Broadcasting Your Location

Your Android device may be broadcasting your location history to anyone within Wi-Fi range, the EFF reports.

The Electronic Frontier Foundation published a report on Thursday stating that Android smartphones and tablets may be broadcasting the user's location history. The problem seems to stem around Android 3.1 and later, and a feature called Preferred Network Offload, or PNO. This feature allows Android devices to maintain a Wi-Fi connection even when the screen is turned off (aka low-power mode), thus extending the battery life and reducing mobile data usage.

"For some reason, even though none of the Android phones we tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about when their screens were turned off," the EFF writes.

The big privacy issue here is that a user's wireless network history can provide an accurate roadmap of where that user is and has been. For instance, a list of locations could include the name of a local network, a network at the user's place of work, a doctor's office, and so on. This can be broadcasted even when a device isn't locked onto a wireless network.

"This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi," the report argues. "Normally eavesdroppers would need to spend some effort extracting this sort of information from the latitude/longitude history typically discussed in location privacy analysis. But even when networks seem less identifiable, there are ways to look them up."

When the EFF contacted Google about the wireless bug, the company responded with this brief note:

"We take the security of our users' location data very seriously and we're always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release."

One workaround is to go into the phone's "Advanced Wi-Fi" settings and set the "Keep Wi-Fi on during sleep" option to "Never." This method will likely increase the phone's data usage and power consumption, the EFF reports.

The EFF also points out that Android isn't the only affected OS. "Many laptops are affected, including all OS X laptops and many Windows 7 laptops," the report states. "Desktop OSes will need to be fixed, but because our laptops are not usually awake and scanning for networks as we walk around, locational history extraction from them requires considerably more luck or targeting."

Apple iOS 6 and 7 are not affected by the Wi-Fi problem, but the EFF did observe a problem with an iPad using iOS 5. Earlier versions may or may not be affected.

Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 12 Hide
    DXRick , July 4, 2014 11:24 PM
    Can you please stop using that gory pic of a guy on a cel? Even though I know the story behind that pic, I am not a psychopath and am actually bothered by gore when it is used in the wrong place/venue. Thanks.
Other Comments
  • -5 Hide
    apedosmil , July 4, 2014 11:08 PM
    Kevin, why is this important? What exactly does this allow someone to do/track? Advertisers? Hackers? How can this affect a user's everyday life? Maybe a stupid question to some, but I'm still learning the more complicated stuff.
  • 12 Hide
    DXRick , July 4, 2014 11:24 PM
    Can you please stop using that gory pic of a guy on a cel? Even though I know the story behind that pic, I am not a psychopath and am actually bothered by gore when it is used in the wrong place/venue. Thanks.
  • Display all 32 comments.
  • -7 Hide
    apedosmil , July 4, 2014 11:25 PM
    Kevin, why is this important? What exactly does this allow someone to do/track? Advertisers? Hackers? How can this affect a user's everyday life? Maybe a stupid question to some, but I'm still learning the more complicated stuff.
  • -1 Hide
    JOSHSKORN , July 5, 2014 12:30 AM
    Quote:
    Can you please stop using that gory pic of a guy on a cel? Even though I know the story behind that pic, I am not a psychopath and am actually bothered by gore when it is used in the wrong place/venue. Thanks.

    I think that's what happens to iPhone users over time. Too little, too late for that guy.
  • 3 Hide
    back_by_demand , July 5, 2014 3:26 AM
    Quote:
    Kevin, why is this important? What exactly does this allow someone to do/track? Advertisers? Hackers? How can this affect a user's everyday life? Maybe a stupid question to some, but I'm still learning the more complicated stuff.

    Some people take exception to having their location tracked, it's pretty fundamental stuff
  • 0 Hide
    InvalidError , July 5, 2014 4:33 AM
    With the number of apps that request permission to use location even if they have no apparent reason to need it and people mindlessly tapping their way through permission screens, people's locations probably already leak a lot more than they think it does.
  • -1 Hide
    Blazer1985 , July 5, 2014 5:12 AM
    Totally agree with InvalidError, the os could be as leakproof as you want but you are basically forced to give high permissions even just to install a stupid game.
  • 0 Hide
    godnodog , July 5, 2014 6:20 AM
    I have this question I'm hoping someone can answer, how does 'keep wifi on during sleep" option to never increases data usage and more importantly power consumption?
  • 2 Hide
    InvalidError , July 5, 2014 6:33 AM
    Quote:
    how does 'keep wifi on during sleep" option to never increases data usage and more importantly power consumption?

    WiFi connections use less power than 3G/4G data connections and leaving WiFi always-on where you have access to a WiFi network means apps that sync stuff in the background can use your WiFi bandwidth instead of your 3G/4G data plan.
  • 3 Hide
    southernshark , July 5, 2014 7:21 AM

    Quote:
    Kevin, why is this important? What exactly does this allow someone to do/track? Advertisers? Hackers? How can this affect a user's everyday life? Maybe a stupid question to some, but I'm still learning the more complicated stuff.



    A slightly tech savvy stalker could find out your movements. Also robbers could do this, probably not a big problem in 'Merica, where robbers tend to be idiots. But in Latin Merica, for example, many robbers are part of organized crime groups, and many of their targets are thought out well in advance (not the ones who rob gringos... but the ones who robber wealthy Latin families and kidnap their kids).
  • 1 Hide
    ericburnby , July 5, 2014 8:30 AM
    They mentioned iOS 6 and 7, but left out an important new addition in iOS 8.

    Now MAC addresses are randomly generated by your iPhone while looking for networks to connect to. Only when the user decides to actually connect is the real MAC address then used.

    There are already retailers scanning MAC addresses of devices so they can track where someone has been or how often they visit. iOS 8 now eliminates that ability.
  • -4 Hide
    anthony8989 , July 5, 2014 6:12 PM
    Turn your WiFi off when you're not using it. It saves your battery even more anyway. Problem solved .
  • 1 Hide
    ddelrio , July 6, 2014 12:19 AM
    At this point I'm convinced that the only way to live a truly private life is to take all your technology and burn it and go live in the woods.
  • -1 Hide
    nukemaster , July 6, 2014 7:26 AM
    I guess this was done to improve chances of connecting to a non ssid broadcasting network.

    Strange thing is normally you just tell it to connect even when not broadcasting, that should have made it only call out non broadcasting networks.

    Either way I am with InvalidError on this one.
  • 0 Hide
    alextheblue , July 6, 2014 11:00 AM
    Quote:
    Turn your WiFi off when you're not using it. It saves your battery even more anyway. Problem solved .
    I hope for your sake you're a troll and not an apologist. It's 2014. We shouldn't have to manually switch wifi on and off whenever we use our phones. Not to mention interfering with background wifi syncing and large downloads.

    Google needs to get their butts in gear, from their response it sounds like they knew about this all along and just were hoping nobody would notice.
  • 2 Hide
    alextheblue , July 6, 2014 11:04 AM
    Quote:
    At this point I'm convinced that the only way to live a truly private life is to take all your technology and burn it and go live in the woods.
    Not buying devices running software made by an advertising firm would go a long way to reducing your exposure. Not posting everything you see, do, and eat on Instafacetwitbookergram helps a lot too.
  • -3 Hide
    Christopher1 , July 6, 2014 2:22 PM
    Quote:
    Quote:
    At this point I'm convinced that the only way to live a truly private life is to take all your technology and burn it and go live in the woods.
    Not buying devices running software made by an advertising firm would go a long way to reducing your exposure. Not posting everything you see, do, and eat on Instafacetwitbookergram helps a lot too.


    So basically, live in the 1980's.... sorry, not going to do that.
  • 2 Hide
    InvalidError , July 6, 2014 5:08 PM
    Quote:
    from their response it sounds like they knew about this all along and just were hoping nobody would notice.

    What do you think Google was doing when they were using their streetview cars to map WiFi access points? They probably sniffed out the MACs of every other device along the way as well... acquire the data then find ways to monetize it.
  • 1 Hide
    jimmysmitty , July 6, 2014 5:52 PM
    Quote:
    Kevin, why is this important? What exactly does this allow someone to do/track? Advertisers? Hackers? How can this affect a user's everyday life? Maybe a stupid question to some, but I'm still learning the more complicated stuff.


    The biggest problem is privacy. There should be options for it instead of it just being on and them being able to use and sell to companies so they can advertise specifically to you, send you tons of spam mail/email.

    I am about ready to move on from Android. Mainly because I started getting spam email with names of people in my contacts which to me was just super annoying.

    Quote:
    Quote:
    Quote:
    At this point I'm convinced that the only way to live a truly private life is to take all your technology and burn it and go live in the woods.
    Not buying devices running software made by an advertising firm would go a long way to reducing your exposure. Not posting everything you see, do, and eat on Instafacetwitbookergram helps a lot too.


    So basically, live in the 1980's.... sorry, not going to do that.


    Microsoft is not an advertising firm. How do you think Google makes so much money? They make all their money off of advertising. Microsoft is a software company and you have to pay/license their software to use it therefore they do not need to rely on ad revenue like Google does.

    As well Apple is also not a advertising firm, although I would never use their products as I find them over priced.

    So in short, you don't need to use Android to be in the modern age. They are not the only company out there.
  • -2 Hide
    koga73 , July 6, 2014 6:01 PM
    FYI nearly all wifi devices do this. If you've ever used airodump you can see a list of client macs along with the essid's that they're searching for... even if the network isn't in range. If you really don't want to be tracked then the only way is to stop using technology.
Display more comments