The Electronic Frontier Foundation published a report on Thursday stating that Android smartphones and tablets may be broadcasting the user's location history. The problem appears to affect Android 3.1 and later and stems from a feature called Preferred Network Offload, or PNO. This feature allows Android devices to maintain a Wi-Fi connection even when the screen is turned off (aka low-power mode), thus extending battery life and reducing mobile data usage.
"For some reason, even though none of the Android phones we tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about when their screens were turned off," the EFF writes.
The big privacy issue here is that a user's wireless network history can provide an accurate roadmap of where that user is and has been. For instance, the list could include the name of a local network, a network at the user's place of work, a doctor's office, and so on. These names can be broadcast even when a device isn't connected to a wireless network.
"This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi," the report argues. "Normally eavesdroppers would need to spend some effort extracting this sort of information from the latitude/longitude history typically discussed in location privacy analysis. But even when networks seem less identifiable, there are ways to look them up."
When the EFF contacted Google about the wireless bug, the company responded with this brief note:
"We take the security of our users' location data very seriously and we're always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release."
One workaround is to go into the phone's "Advanced Wi-Fi" settings and set the "Keep Wi-Fi on during sleep" option to "Never." This method will likely increase the phone's data usage and power consumption, the EFF reports.
The EFF also points out that Android isn't the only affected OS. "Many laptops are affected, including all OS X laptops and many Windows 7 laptops," the report states. "Desktop OSes will need to be fixed, but because our laptops are not usually awake and scanning for networks as we walk around, locational history extraction from them requires considerably more luck or targeting."
Apple iOS 6 and 7 are not affected by the Wi-Fi problem, but the EFF did observe a problem with an iPad using iOS 5. Earlier versions may or may not be affected.