Android phones have been collecting user data even when the GPS function is turned off, Google confirmed following an investigation by Quartz Media.
Starting this year, Android phones have accessed data on users’ locations, without their consent, by collecting addresses from cellular towers in the area for a relative position of the device. Data collection was still possible and took place even though the user wasn’t using apps on the phone or the device was missing a carrier SIM card. The data Google receives is encrypted but a cyberattack on the phone could allow the attacker to intercept it and link it to the phone’s unique ID number.
A Google spokesperson said this activity is about to end.
“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery,” said a Google spokesperson when contacted by Quartz.
“However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”
Once connected to the internet, the phone instantly sent the information to Google. It’s strange that this function is not optional and Google has full access to users’ locations, as it may really affect people whose lives depend on keeping their activity concealed, as in the case of people under witness protection programs or victims of domestic abuse. Through triangulation, a users’ location can be identified within a quarter-mile radius, and more accurately in urban areas.
This is a Security Bloggers Network syndicated blog post authored by Luana Pascu. Read the original post at: HOTforSecurity