Printed from http://www.electronista.com

EFF: Android phones could be 'leaking' location data

updated 05:35 pm EDT, Thu July 3, 2014

Foundation discovers phones less than three years old broadcasting visited locations

Recently, the Internet advocacy and legal group the Electronic Frontier Foundation (EFF) discovered that a number of Android devices could be sharing location information when not connected to Wi-Fi. The Android phones in question periodically send out information on Wi-Fi networks it knows in order to speed up the process of connecting. However, in doing so it gives off previous location data based on stored wireless networks in "human language."

The root of the problem stems from the Preferred Network Offload (PNO) feature that was introduced with Android 3.1 Honeycomb. The theory behind PNO is that allows devices to connect and maintain connections over Wi-Fi when they kick into low-power modes, such as the screen turning off. This helps to save power, and limits data usage.

"To our dismay, we discovered that many of the modern Android phones we tested leaked the names of the networks stored in their settings (up to a limit of 15)," said the EFF's Peter Eckersely and Jeremy Gillula. "And when we looked at these network lists, we realized that they were, in fact, dangerously precise location histories."

Information obtained from the Wi-Fi data could be seen as a greater threat than other location data issues, since there is little to no effort involved if someone is monitoring for that information and in range. With the network information stated plainly, locations can be traced back using their names. The process of extrapolating locations previously was more complicated, leaving a malicious party to sort through longitude and latitude history. Cleverly-named wireless networks may not be enough, as the EFF points out there are still ways to look them up online.

The code for PBO ties into an open source project, wpa_supplicant, which Linux and Android use for Wi-Fi management. Once the issue was confirmed on a number of devices, the EFF contacted Google over the problem. Google responded, indicating that it takes the security of user's location data seriously. However, since the problem is tied to user connectivity, the company needs to investigate.

Yesterday, Google issued a patch to wpa_supplicant, but it will take some time to see it in Android code. Even if included in future updates, other devices may be left behind that are no longer supported or had no support from Google in the first place. Presuming that earlier versions of Android also have the issue, more than 20 percent of all Android devices or more could be affected. By comparison, possibly three percent of iOS users are still on iOS 5 or lower.

In the course of testing, the EFF indicated that Android wasn't the only platform with the problem, but it currently appears "to pose the greatest privacy risk at the moment." Apple devices with iOS 6 and 7 were found to be free of the problem, but iOS 5 showed the same issue as Android. The Wi-Fi leak also extends to OS X and Windows 7 laptops.



By Electronista Staff
toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Patriot Supersonic Rage XT 128GB USB drive

USB memory sticks are getting larger by the day, their growth speeding along with the availability and expansion of memory chips. But ...

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

Sponsor

toggle

Most Commented

 
toggle

Popular News