Android May Be Broadcasting Your Location

The Electronic Frontier Foundation published a report on Thursday stating that Android smartphones and tablets may be broadcasting the user's location history. The problem seems to stem around Android 3.1 and later, and a feature called Preferred Network Offload, or PNO. This feature allows Android devices to maintain a Wi-Fi connection even when the screen is turned off (aka low-power mode), thus extending the battery life and reducing mobile data usage.

"For some reason, even though none of the Android phones we tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about when their screens were turned off," the EFF writes.

The big privacy issue here is that a user's wireless network history can provide an accurate roadmap of where that user is and has been. For instance, a list of locations could include the name of a local network, a network at the user's place of work, a doctor's office, and so on. This can be broadcasted even when a device isn't locked onto a wireless network.

"This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi," the report argues. "Normally eavesdroppers would need to spend some effort extracting this sort of information from the latitude/longitude history typically discussed in location privacy analysis. But even when networks seem less identifiable, there are ways to look them up."

When the EFF contacted Google about the wireless bug, the company responded with this brief note:

"We take the security of our users' location data very seriously and we're always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release."

One workaround is to go into the phone's "Advanced Wi-Fi" settings and set the "Keep Wi-Fi on during sleep" option to "Never." This method will likely increase the phone's data usage and power consumption, the EFF reports.

The EFF also points out that Android isn't the only affected OS. "Many laptops are affected, including all OS X laptops and many Windows 7 laptops," the report states. "Desktop OSes will need to be fixed, but because our laptops are not usually awake and scanning for networks as we walk around, locational history extraction from them requires considerably more luck or targeting."

Apple iOS 6 and 7 are not affected by the Wi-Fi problem, but the EFF did observe a problem with an iPad using iOS 5. Earlier versions may or may not be affected.

Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.

  • apedosmil
    Kevin, why is this important? What exactly does this allow someone to do/track? Advertisers? Hackers? How can this affect a user's everyday life? Maybe a stupid question to some, but I'm still learning the more complicated stuff.
    Reply
  • DXRick
    Can you please stop using that gory pic of a guy on a cel? Even though I know the story behind that pic, I am not a psychopath and am actually bothered by gore when it is used in the wrong place/venue. Thanks.
    Reply
  • apedosmil
    Kevin, why is this important? What exactly does this allow someone to do/track? Advertisers? Hackers? How can this affect a user's everyday life? Maybe a stupid question to some, but I'm still learning the more complicated stuff.
    Reply
  • JOSHSKORN
    Can you please stop using that gory pic of a guy on a cel? Even though I know the story behind that pic, I am not a psychopath and am actually bothered by gore when it is used in the wrong place/venue. Thanks.
    I think that's what happens to iPhone users over time. Too little, too late for that guy.
    Reply
  • back_by_demand
    Kevin, why is this important? What exactly does this allow someone to do/track? Advertisers? Hackers? How can this affect a user's everyday life? Maybe a stupid question to some, but I'm still learning the more complicated stuff.
    Some people take exception to having their location tracked, it's pretty fundamental stuff
    Reply
  • InvalidError
    With the number of apps that request permission to use location even if they have no apparent reason to need it and people mindlessly tapping their way through permission screens, people's locations probably already leak a lot more than they think it does.
    Reply
  • Blazer1985
    Totally agree with InvalidError, the os could be as leakproof as you want but you are basically forced to give high permissions even just to install a stupid game.
    Reply
  • godnodog
    I have this question I'm hoping someone can answer, how does 'keep wifi on during sleep" option to never increases data usage and more importantly power consumption?
    Reply
  • InvalidError
    13652558 said:
    how does 'keep wifi on during sleep" option to never increases data usage and more importantly power consumption?
    WiFi connections use less power than 3G/4G data connections and leaving WiFi always-on where you have access to a WiFi network means apps that sync stuff in the background can use your WiFi bandwidth instead of your 3G/4G data plan.
    Reply
  • southernshark
    Kevin, why is this important? What exactly does this allow someone to do/track? Advertisers? Hackers? How can this affect a user's everyday life? Maybe a stupid question to some, but I'm still learning the more complicated stuff.


    A slightly tech savvy stalker could find out your movements. Also robbers could do this, probably not a big problem in 'Merica, where robbers tend to be idiots. But in Latin Merica, for example, many robbers are part of organized crime groups, and many of their targets are thought out well in advance (not the ones who rob gringos... but the ones who robber wealthy Latin families and kidnap their kids).
    Reply