Follow Slashdot stories on Twitter


Forgot your password?
Android Cellphones Electronic Frontier Foundation Privacy Wireless Networking

Android Leaks Location Data Via Wi-Fi 112

Bismillah writes: The Preferred Network Offload feature in Android extends battery life, but it also leaks location data, according to the Electronic Frontier Foundation. What's more, the same flaw is found in Apple OS X and Windows 7. "This location history comes in the form of the names of wireless networks your phone has previously connected to. These frequently identify places you've been, including homes ('Tom’s Wi-Fi'), workplaces ('Company XYZ office net'), churches and political offices ('County Party HQ'), small businesses ('Toulouse Lautrec's house of ill-repute'), and travel destinations ('Tehran Airport wifi'). This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi."
This discussion has been archived. No new comments can be posted.

Android Leaks Location Data Via Wi-Fi

Comments Filter:
  • by glennrrr ( 592457 ) on Friday July 04, 2014 @09:25AM (#47383153)
    Also according to the article. Somehow iOS manages to have reasonable Wi-fi battery power without using this trick.
  • Re:Not just Android (Score:5, Informative)

    by jrumney ( 197329 ) on Friday July 04, 2014 @09:29AM (#47383175)
    The headline also fails to mention that only manually configured networks are affected (or perhaps old versions of Android, I don't remember the details from the comments to the story about 6 months ago regarding the exact same "flaw" in iOS). This is why it is a BAD idea for security to turn off access point beacons - because if your access point is not sending out beacons to identify itself, then the clients need to send out connection requests blindly - wherever they are.
  • by jrumney ( 197329 ) on Friday July 04, 2014 @09:34AM (#47383205)
    Its the scan of nearby networks bit where it needs to send out the WiFi networks it wants to connect to. That's why making your SSID hidden is a security anti-pattern. Tell the owners of the networks you connect to to stop doing it - anyone nearby can see all the clients making requests to join your network, so it isn't adding any security in your near vicinity, and elsewhere, others can still see your clients trying to connect to your network wherever they are, because to connect to hidden networks you have to go out and proactively look for them.
  • No, it doesn't "show you've spent enough time to use the wifi." For fun, grab an Android app called WifiCollector. On a 200-mile drive through three Eastern states a few weeks ago, it sniffed out over a thousand WAPs (most of them not open). Anyone using that to imply I was actually at any of those locations long enough to use the wifi is probably just about smart enough to work in a government intelligence job.

  • by Splab ( 574204 ) on Friday July 04, 2014 @10:24AM (#47383465)

    iOS is still happily twirping your data, hence the mac change in iOS 8.

  • Re:Not just Android (Score:2, Informative)

    by Dixie_Flatline ( 5077 ) <> on Friday July 04, 2014 @10:32AM (#47383501) Homepage

    It's marginally more relevant that Android does it. There are a lot more Android devices than portable Windows and OS X devices that actually move around. (That is, not even the full population of laptops is necessarily being moved from hotspot to hotspot; I know plenty of people that have laptops that stay at home and are just for portability around the house.)

    Anyway, the headline is reasonably sensational, but not false, and the summary clarifies. I've seen a lot worse (bad headlines, worse summaries; etc.) pretty much everywhere that ever posts a headline.

  • by tlhIngan ( 30335 ) <> on Friday July 04, 2014 @12:38PM (#47384137)

    iOS is still happily twirping your data, hence the mac change in iOS 8.

    No, that's solving a different problem, namely one of tracking. In sending probe frames (to find out what accesspoints are around) it uses a random MAC address in order to foil those MAC address sniffers they plant in malls and stores that are used to track people as they wander around.

    FYI - Android does not have this feature (yet).

  • To be a decent analogy, they'd need it affixed to something mobile, like their car, as well as to their house.

    The point here is that the CLIENTS start broadcasting the string whenever they're not connected to Wifi. So his phone/laptop will be advertising where their owner lives whenever he's away from home with them.

    If you still don't get it, it's like everyone in his family wearing a T-shirt that says "My home address is 123 Johnson Rd -- and if you're reading this, I'm probably not at home".

    It makes burglary easy, and stalking as well.

"The way of the world is to praise dead saints and prosecute live ones." -- Nathaniel Howe