Digital rights group: Some Android phones may tell location history

Jul 04, 2014 by Nancy Owano weblog
Credit: Peter Griffin/Public Domain

Is your phone a calling companion or callout snitch? The Electronic Frontier Foundation delivered findings about some Android phones on Thursday—concerning newer, not older, models. According to EFF findings, a number of newer Android devices could serve up a privacy headache by broadcasting your whereabouts. The phone could turn snitch in revealing the most recently connected wi-fi networks that a device has joined while the mobile device is in sleep mode. The EFF article's headline read, "Is Your Android Device Telling the World Where You've Been?" The report's authors, EFF's Peter Eckersley, technology projects director, and Jeremy Gillula, staff technologist, had some other questions: "Do you own an Android device? Is it less than three years old? If so, then when your phone's screen is off and it's not connected to a Wi-Fi network, there's a high risk that it is broadcasting your location history to anyone within Wi-Fi range that [sic] wants to listen."

Eckersley and Gillula discovered many of the Android phones tested "leaked the names of the networks stored in their settings (up to a limit of fifteen). And when we looked at these network lists, we realized that they were in fact dangerously precise location histories."

What is causing the leaks? The researchers traced the problem to a feature that was introduced in Honeycomb (Android 3.1). The feature is Preferred Network Offload (PNO), which "is supposed to allow phones and tablets to establish and maintain Wi-Fi connections even when they're in low-power mode (i.e., when the screen is turned off). The goal is to extend battery life and reduce mobile data usage." They said many of the phones running Honeycomb or later and even one running Gingerbread broadcast the names of networks they knew about when their screens were turned off. The EFF brought this to the attention of Google. In its response, Google said, "Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release."

EFF reported that, additionally, "a Google employee submitted a patch to wpa_supplicant.which fixes this issue." The authors said they were glad the problem was addressed so quickly, but they also noted that it will be some time before that fix "gets integrated into the downstream Android code."

Not every single Android device is affected but for those that are, the EFF suggests, for any user concerned about this issue, a workaround. The person can go to the 's Advanced Wi-Fi settings and turn the "Keep Wi-Fi on during sleep" option to "Never." This, added the EFF, will cause a moderate increase in data usage and power consumption. The workaround is available for most devices but not all.

"Location history is extremely sensitive information," the EFF said. "We urge Google to ship their fix as soon as possible, and other Android distributors to offer prompt updates containing it."

Explore further: Review: Windows Phone advances with 8.1 update

More information: www.eff.org/deeplinks/2014/07/… rld-where-youve-been

add to favorites email to friend print save as pdf

Related Stories

QR code security vulnerability found with Google Glass

Jul 18, 2013

Engineers at Lookout Mobile Security have discovered a previously unknown security vulnerability with Google's project Glass wearable headset. Marc Rogers reports on the company's web site that engineers found that when pictures were taken of pri ...

Recommended for you

Hit 'Just Dance' game goes mobile Sept. 25

Sep 18, 2014

Smartphone lovers will get to show off moves almost anywhere with the Sept. 25 release of a free "Just Dance Now" game tuned for mobile Internet lifestyles.

Indie game developers sprouting at Tokyo Game Show

Sep 18, 2014

Nestled among the industry giants at the Tokyo Game Show Thursday are a growing number of small and independent games developers from Asia and Europe, all hoping they are sitting on the next Minecraft.

Review: Ambitious 'Destiny' lacks imagination

Sep 18, 2014

Midway through "Destiny," the new science fiction epic from "Halo" creators Bungie, a smug prince is musing on the hero's desire to visit a mysterious site on Mars.

User comments : 0