⋮    ⋮  

Think You Can’t Be Tracked If Location Services Are Disabled? Hello, Google!


Yesterday, we shared a report that revealed how websites can track every single keystroke and mouse movement of a user. If that wasn't enough for advertisers and publishers, operating systems get the rest of the job done. A latest report has revealed that Android phones collect location information even when location services are turned off and send that data to Google.

In an investigation led by Quartz, the publication reported that even if a user disables location and doesn't even insert a SIM card, Android phones still collects location information and sends it to Google.

Fake COVID-19 Tracking App Found to Infect Android Phones With Ransomware

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers - even when location services are disabled - and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy. [...]

When Android devices are connected to a WiFi network, they will send the tower addresses to Google even if they don’t have SIM cards installed.

Google has also confirmed this saying that Android devices collect the addresses of the nearby cellular towers and transmit that data back to its servers. However, while confirming this practice, it says the data is "never used or stored." Quartz reports:

The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz.

The publication also added that the search giant has said it is now taking steps to end this practice. However, it remains unclear why the company would even start this invasive data collection practice. Google has only said that it was done to "further improve the speed and performance of message delivery."

"However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”

Google claims that by the end of November, Android phones will no longer send cell-tower location data to Google.

Report raises serious privacy concerns

While OnePlus may have taken up all the headlines for its data collection practices, it is clear that even the US based tech giants continue to take steps that invade user privacy and pose users to serious security risks. As a user who doesn't want to be tracked, be it a law enforcement official or a war journalist, it is disconcerting that a major tech company would just suddenly start collecting more data bypassing its own system toggles without user consent or a notification.

"Although the data sent to Google is encrypted, it could potentially be sent to a third party if the phone had been compromised with spyware or other methods of hacking," the report said. "It has pretty concerning implications," Bill Budington of the Electronic Frontier Foundation said. "You can kind of envision any number of circumstances where that could be extremely sensitive information that puts a person at risk."

A Malware Called Cerebrus Can Steal Google Authenticator 2FA Codes From Android Devices

Google and other major tech companies are currently facing questions from lawmakers over their aggressive data collection practices. The latest report will only add into that distrust that lawmakers and users have for big tech companies like Google and Facebook.

We have reached out to Google and will update this space when we receive a response.