Android May Be Broadcasting Your Location
Your Android device may be broadcasting your location history to anyone within Wi-Fi range, the EFF reports.
The Electronic Frontier Foundation published a report on Thursday stating that Android smartphones and tablets may be broadcasting the user's location history. The problem seems to stem around Android 3.1 and later, and a feature called Preferred Network Offload, or PNO. This feature allows Android devices to maintain a Wi-Fi connection even when the screen is turned off (aka low-power mode), thus extending the battery life and reducing mobile data usage.
"For some reason, even though none of the Android phones we tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about when their screens were turned off," the EFF writes.
The big privacy issue here is that a user's wireless network history can provide an accurate roadmap of where that user is and has been. For instance, a list of locations could include the name of a local network, a network at the user's place of work, a doctor's office, and so on. This can be broadcasted even when a device isn't locked onto a wireless network.
"This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi," the report argues. "Normally eavesdroppers would need to spend some effort extracting this sort of information from the latitude/longitude history typically discussed in location privacy analysis. But even when networks seem less identifiable, there are ways to look them up."
When the EFF contacted Google about the wireless bug, the company responded with this brief note:
"We take the security of our users' location data very seriously and we're always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release."
One workaround is to go into the phone's "Advanced Wi-Fi" settings and set the "Keep Wi-Fi on during sleep" option to "Never." This method will likely increase the phone's data usage and power consumption, the EFF reports.
The EFF also points out that Android isn't the only affected OS. "Many laptops are affected, including all OS X laptops and many Windows 7 laptops," the report states. "Desktop OSes will need to be fixed, but because our laptops are not usually awake and scanning for networks as we walk around, locational history extraction from them requires considerably more luck or targeting."
Apple iOS 6 and 7 are not affected by the Wi-Fi problem, but the EFF did observe a problem with an iPad using iOS 5. Earlier versions may or may not be affected.
Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.
I think that's what happens to iPhone users over time. Too little, too late for that guy.
Some people take exception to having their location tracked, it's pretty fundamental stuff
WiFi connections use less power than 3G/4G data connections and leaving WiFi always-on where you have access to a WiFi network means apps that sync stuff in the background can use your WiFi bandwidth instead of your 3G/4G data plan.
A slightly tech savvy stalker could find out your movements. Also robbers could do this, probably not a big problem in 'Merica, where robbers tend to be idiots. But in Latin Merica, for example, many robbers are part of organized crime groups, and many of their targets are thought out well in advance (not the ones who rob gringos... but the ones who robber wealthy Latin families and kidnap their kids).
Now MAC addresses are randomly generated by your iPhone while looking for networks to connect to. Only when the user decides to actually connect is the real MAC address then used.
There are already retailers scanning MAC addresses of devices so they can track where someone has been or how often they visit. iOS 8 now eliminates that ability.
Strange thing is normally you just tell it to connect even when not broadcasting, that should have made it only call out non broadcasting networks.
Either way I am with InvalidError on this one.
Google needs to get their butts in gear, from their response it sounds like they knew about this all along and just were hoping nobody would notice.
So basically, live in the 1980's.... sorry, not going to do that.
What do you think Google was doing when they were using their streetview cars to map WiFi access points? They probably sniffed out the MACs of every other device along the way as well... acquire the data then find ways to monetize it.
The biggest problem is privacy. There should be options for it instead of it just being on and them being able to use and sell to companies so they can advertise specifically to you, send you tons of spam mail/email.
I am about ready to move on from Android. Mainly because I started getting spam email with names of people in my contacts which to me was just super annoying.
So basically, live in the 1980's.... sorry, not going to do that.
Microsoft is not an advertising firm. How do you think Google makes so much money? They make all their money off of advertising. Microsoft is a software company and you have to pay/license their software to use it therefore they do not need to rely on ad revenue like Google does.
As well Apple is also not a advertising firm, although I would never use their products as I find them over priced.
So in short, you don't need to use Android to be in the modern age. They are not the only company out there.