Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Privacy Android Google

Google Collects Android Users' Locations Even When Location Services Are Disabled (qz.com) 196

Google has been collecting Android phones' locations even when location services are turned off, and even when there is no carrier SIM card installed on the device, an investigation has found. Keith Collins, reporting for Quartz: Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers -- even when location services are disabled -- and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy. Quartz observed the data collection occur and contacted Google, which confirmed the practice. The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.
This discussion has been archived. No new comments can be posted.

Google Collects Android Users' Locations Even When Location Services Are Disabled

Comments Filter:
  • by Anonymous Coward

    "Google, the unit of Alphabet behind Android,"

        Who again?

  • Uhhhh (Score:5, Insightful)

    by sunami88 ( 1074925 ) on Tuesday November 21, 2017 @09:02AM (#55594161)
    Not that it makes it OK (at all), but raise your hand if you're surprised. No one? Yup, pretty much. Do No Evil went out the window a long time ago. Google is creepy.
    • I'm pretty sure all actual "freetards" dumped google years ago and moved to using android forks like Paranoid Android with all the google services removed. What you're talking about are mostly just your garden variety google fanboys.
    • They can still raise the "bug" card...
    • Creepy and Evil are not the same thing. You need some perspective.

    • Not surprised. But that's also why I've never had an Android phone. Also, phones are only $10 if you just want a phone.

  • So tablets and other devices that don't have cellular capability are affected as well?

    • No. Your IP address is different from a wireless-telecom tower Identifier (even though 4G towers also use IP addresses in their identification, it's treated as a separate field). In other words, any code responsible for uploading your tower info would just effectively say "disconnected". Now whether or not your Android also sends your local IP address....I mean, yeah, it basically does or else you couldn't use google services. But your IP address doesn't necessarily reveal anything at all about your locatio
  • I my phone in "airplane mode" with location off 90% of the day. Collect that data! I get better battery life. No nuisance interruptions. And no tracking.

    When I need services, of course, I turn on all services. Most of the time. It is off. At home, I put it in "airplane mode" with location disabled, and then WIFI on, when it is important for me to do so.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      You must have no friends or family who you want to reply to when they send you a message

      • I call it time management. Being off 90% of the time is being on 10%. That's checking services many times a day, and responding as needed.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      So you have a phone where you can't receive calls for 90% of the day. Congratulations.

      • Re:Airplane mode (Score:4, Insightful)

        by El Cubano ( 631386 ) on Tuesday November 21, 2017 @10:11AM (#55594703)

        So you have a phone where you can't receive calls for 90% of the day. Congratulations.

        Actually, he has a PDA (that also plays music, takes pictures, lets you read books/magazines, etc.) that can receive calls 10% of the day. Think about how anybody who works in a white collar profession uses their phone. I bet 90% PDA (that also plays music, takes pictures, lets you read books/magazines, etc.) with 10% phone split pretty accurately describes how most of them use their devices. It is pretty close for me.

        Of course some people are tethered to their phone for voice/text connectivity, but there are plenty of folks who view their device as a tool, not a slave master.

    • In that case, unless you are using your phone as an MP3 player, you may as well just turn it off. Then you'll get even better battery life.

    • Question now is.. does it send the bundled data over during those 10% youâ(TM)re online?

    • That's nothing. I carry around my cellphone without battery. Track that, Google!
  • MicroG (Score:5, Informative)

    by Anonymous Coward on Tuesday November 21, 2017 @09:13AM (#55594235)

    so ditch google services and use microG. I also disable firebase services from any apps that try to use it. Firebase lets the developer set up phoning home from the app and other such nonsense.

    https://microg.org/

  • IOW that's reason why we such precise traffic reports for some time additionally to the best times to go to a restaurant, a movie theater, a sauna, a spa, etc. because it reports when it's overcrowed and when not.
    It's a good thing.
    Thank you, Google.

    • "overcrowed" obviously means, when there are a lot of crows. :-)

    • Re:I like it. (Score:4, Interesting)

      by invalid_user ( 253723 ) on Tuesday November 21, 2017 @09:57AM (#55594559)

      When I first started reading Slashdot about 20 years ago, I was impressed by the wonderfully liberal ideas that abound in the comments section of the site, for example,

      "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." (Benjamin Franklin)

      "I disapprove of what you say, but I will defend to the death your right to say it." (Evelyn Beatrice Hall)

      They gave me character, and shaped my world view.

      Fast forward 20 years, and I find this generation to be more than willing to give up their freedom for a little convenience, or to be with the trendy in Silicon Valley, or simply because they can't stand a certain politician.

      • by kbonin ( 58917 )

        obligatory...

        This is the way the world ends
        This is the way the world ends
        This is the way the world ends
        Not with a bang but a whimper.

    • It's a good thing.

      No, it's not. It's an evil thing. That some minor conveniences can be derived from it doesn't change that.

  • by Shark ( 78448 ) on Tuesday November 21, 2017 @09:16AM (#55594253)

    They already map IP addresses rather precisely so all they need is the IP address your phone uses (through WiFi) to figure out where you are so long as one device somehow provided them its location from that IP address. In effect, your 'location' is turned on the moment somebody else has or had 'location' turned on while connected to that wifi access point.

    • That's an interesting thought. We don't know that they do this, but it'd be super easy to do technically speaking. Although this does not work if you use a VPN or other tunneling mechanism, or your if hotspot itself allows remote connections with a tunnel. That will either give you a unique IP in a separate location, or a shared IP, again, in a different location, with your requests aggragated with everyone else using the same IP. Also this doesn't exactly work if your have your wifi configured to use multi
  • I do not yet have a smart phone addiction. In fact I most often leave mine completely OFF unless I need to use it for something. Sometimes it stays off for a week at a time. Amazingly liberating.
    • by MrKaos ( 858439 )

      I do not yet have a smart phone addiction. In fact I most often leave mine completely OFF unless I need to use it for something. Sometimes it stays off for a week at a time. Amazingly liberating.

      Plus really good battery life.

    • So, your friends/family/coworkers call you to your fixed line for you to turn your cellphone on and be able to talk with them?
  • Is apple any better? I might have to set aside my hate for apple after the fanless g4 power supply debacle.
    • Is apple any better?

      I don't know -- but I suspect so. At the very least, they couldn't really be any worse.

  • by DontBeAMoran ( 4843879 ) on Tuesday November 21, 2017 @09:24AM (#55594299)

    Google can't be trusted and will violate your privacy. They only stop doing it when they get caught, like in this instance.

    Apple is releasing overpriced defective hardware because they can't be bothered to spend their pile of cash on QA and they are actively removing features we need and replacing them with new and unreliable ones that we never asked for in the first place.

    As far as I know, Microsoft are out of the smartphone race. Not that I'd trust them any more than the other two, given their history.

    So what? We all go back to dumb flip phones and pretend the whole thing never happened?

    • Plasma Mobile?
    • by ctilsie242 ( 4841247 ) on Tuesday November 21, 2017 @10:07AM (#55594665)

      The nice thing about Android are firewalling apps. Root is a lot better, but you can get apps that do a loopback VPN as a way of firewalling. With this in mind, just blocking all outgoing traffic except specific programs is easy. On the iOS side... only firewall available is available via jailbreaking.

      • This. I wouldn't use my phone (or any computer) without a firewall. The important point is that the firewall blocks all traffic, both incoming and outgoing, by default.

      • The problem of course with a loopback vpn as a way of firewalling comes when you want to actually encrypt your traffic. I'm not aware of an android app that allows both.
    • by Mitreya ( 579078 )

      Google can't be trusted and will violate your privacy.

      Yes.

      They only stop doing it when they get caught, like in this instance.

      No, they won't stop.

      • I meant they're going to stop doing the thing they were caught doing in this particular manner. Of course they're going to continue doing all the other shit we don't know about yet.

      • + Insightful.

        What gets my goat is the way they go, "Oh, we've been caught. Okay, we'll stop doing that now that you've detected this. See? We're good guys".
        Had they not been caught, they would continue to do it until they did get caught. They're not sorry they did it, they're only sorry they got caught. Come to think of, they didn't even apologize, did they?
        I should mention I don't buy their cover story that no data was stored and they did this only to improve message delivery.

        Well, privacy (without tak

    • So what? We all go back to dumb flip phones and pretend the whole thing never happened?

      Or maybe we do what we're already doing and don't give a shit. Seriously there are people with location services disabled? That I think is the news worthy thing here, that there's someone out there that cares enough about this stuff to tick a checkbox.

    • I do not have and never will have a so-called 'smartphone', for reasons made clear in this article, along with a plethora of other reasons. My advice to everyone is to wean yourself off smartphones, and then finally dump them completely -- unless you're an exhibitionist or attention-seeking type with a bad case of look at me, look at me!! Isn't it clear to everyone by now they're just surveillance and data-collection devices, masquerading as a phone? Not trolling, not kidding, and seriously I do not have or
    • I am getting quite a bit of practice in wiping Google's stock from the Nexus 6, and cutting all ties to Google.

      I wonder if and when I will do it to my own phone, and confine Google to the GApps Browser on F-Droid. Maybe soon.

  • What would be the advantage for Google to collect data on which cellphone tower I am nearest? It seems likely the upside is pretty small compared to the fallout if/when they get caught, right?

    Unless. There will be no more than a modicum of outrage over this latest privacy transgression, outside of a few techie and personal freedom-centric circles.

    "Google is spying on your location without your approval!"

    "Hmmmm... Missed that, but: Did you hear Charlie Rose is a groper, too?"

  • In this day and age no consumer should have any "expectation of privacy" with an off-the-shelf electronic device. The entire "IoT" movement is simply there to collect more data on consumers. Cellphones are the ultimate tracking device, Google Maps has done this tracking for years to determine areas of high traffic, how else did people think Google knew certain sections of the highway were "red" and backed up and others were "green" with no delay?
  • I have all google services quarantined and every google domain name blocked via AdAway. I'd like to know how they were shipping this information out to see if I have it blocked. The article is devoid of technical information.

  • How unexpected, who would have expected it?

    I'm sure it will be removed from the code base post haste and we can all rest assured it's all gone, forgotten and that our faith and trust can be restored.

    Never do it again, promise.

  • by CeasedCaring ( 1527717 ) on Tuesday November 21, 2017 @09:51AM (#55594517)
    This is why I'm looking hard at the "Librem 5" linux phone for my next handset.
    It has hardware switches for camera / wifi & bluetooth / baseband radio. When it says those services are off, it means it!
    https://puri.sm/shop/librem-5/ [puri.sm]
    • Re: (Score:3, Interesting)

      by Doctor Memory ( 6336 )

      LOL, sure it does. Because you're going to flip that switch and it'll tell you that it switched those services off. You'll never know if it really did because you'll never go to the effort of actually auditing the code base to verify that there's no chance that those are merely soft switches that get polled for state changes once a second, and meanwhile the services are actually controlled by code and could be re-started at any time. And even if you did, there's no chance you'd ever compile the system and v

      • by Anonymous Coward

        Bro... bruhhhhh...

        These things will be quickly and easily audited. I mean, it's not hard to tell when a radio is off...

        And then there's the software. You know what open source is, right? They've got 2.5 million in investment - what do you want to bet there are a couple security researchers in there?

  • Rather than just abandoning "don't be evil", Google has gone the opposite way and are following the maxim "let's be evil".

  • By the end of November, the company said, Android phones will no longer send cell-tower location data to Google

    I've got a bridge to sell you..

  • by evolutionary ( 933064 ) on Tuesday November 21, 2017 @10:12AM (#55594709)
    Anyone with an Android OS (and probably iOS for that matter). has limited if any true control on their phones. They are basically trojans to collect data from you. One can try to install Cyanogen or LineageOS
    https://download.lineageos.org... [lineageos.org]

    There is Also PureOS. Because it's not Google default you don't get the Google app #$%, but becuase they are derived from Android, it's not clear whether the tracking functionality is fully under your control or not. But at least the odds are better than pure Google Android, which, frankly, it's not surprise they have little "gems" in data collection they make it impossible for you to turn of..like Microsoft Updates in Windows 8/10. (Anyone using these OS's cannot turn off a lot of the data collection or updates there either)
  • You could get a phone an foreign country that doesn't allow android, like China, get their OS and possibly use it in North America. the phone wouldn't be trying to send your location data to Google or any other USA company/agency. Of course it would be sending data to China, but they may be blocked by North American government firewalls or such, so that could be an interesting way to express your outrage. In general, if you don't want people to spy on you, say you know, and then say "no". there are a few cr
  • Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers -- even when location services are disabled -- and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy. [emphasis added]

    This seems to be a giant leap between collecting cell tower data and knowing where individuals are that is totally dependent on their implementation. Just to be concrete/pedantic, let's suppose that message sent by each phone was "Here's a list of cell towers I can see: { ... }" and that the server processed this by incrementing a counter for tower in the list and nothing more. I think most of us would conclude that in that case Google has no information about any individual's location.

    To be clear, I'm not

    • If you read TFA, you will see that it is precise location information with timestamps. JSON provided. So, no, not a leap.

      • Yes, I read the JSON dump. it is a leap. Because two important things are missing in the chain of reasoning:

        1. How the token is generated and whether it is permanently associated to a real individual identifier or if it is randomly generated at each boot or even for each session. If it's the latter, it's not individual location data because it's not tied to an individual. Of course, for this to be the case, the back end would also have to refrain from associating the request to (for instance) an IP address.
        2. W
        • Like I said, Google needs to make a clear statement. The rest is just speculation.

          Google needs to do more than "make a clear statement". Google's statements are without meaning. They need to actually demonstrate their goodwill by ceasing this activity.

          • I mean, if by "this activity" you mean any collection or persistence of data linked to an individual, then sure.

            But as noted in detail, it's not clear if they are even doing that right now.

            • It's very clear that this data is being collected. That's what needs to stop.

              • It's clear that data is being collected.

                It's not clear that individual data is being collected. If it is, it needs to stop.

                Try to grok the difference.

                • It's not clear that individual data is being collected.

                  Yes, it is. The device ID is sent with the data, so individual data is clearly being collected. What we don't know is what is done with that data post-collection.

                  Try to grok the difference.

                  I understand the difference just fine, thanks.

    • This seems to be a giant leap between collecting cell tower data and knowing where individuals are that is totally dependent on their implementation.

      Not a leap at all, let alone a giant one. Google is collecting the information required to pinpoint individuals. Whether or not they are actually doing so is something that we cannot know, as you point out. All we have is Google's word for this sort of thing.

      And if the past few years have taught us anything about Google, it's that their word cannot be trusted. So, rather than being a leap, the reasonable assumption is that they are, indeed pinpointing people. Otherwise, why would they be collecting the data

      • Not a leap at all, let alone a giant one. Google is collecting the information required to pinpoint individuals. Whether or not they are actually doing so is something that we cannot know, as you point out. All we have is Google's word for this sort of thing.

        It is not possible for Google to operate without the opportunity to collect the information required to pinpoint individuals. But I do believe that they operate within their stated privacy and data use policies.

        Just for a trivial example, Google could record the IP address along with the exact destination every time someone uses Google Maps for navigation (since that information must be sent to the server to compute the route). It's unavoidable, and the only alternative is either not to use the service or t

        • It is not possible for Google to operate without the opportunity to collect the information required to pinpoint individuals.

          I don't disagree -- but the point here is that Google not only didn't reveal this data collection, they strongly implied that stuff like this would be disabled when you turned location tracking off. In other words, Google lied.

          Just for a trivial example, Google could record the IP address along with the exact destination every time someone uses Google Maps for navigation (since that information must be sent to the server to compute the route).

          Yes, but again -- this data collection is something that Google tells you about upfront. That's very different than doing it behind your back.

          If you really believe that then you must believe there is no hope for anything on Android at all.

          Yes, I think this is true to an extent. The moment that there is a reasonable alternative to Android, I'll be all over it.

          However, it is possib

          • Yes, but again -- this data collection is something that Google tells you about upfront. That's very different than doing it behind your back.

            I mean, you're begging the question if you think that there is even individual data collection happening here because it's not clear that the location data is being linked to individuals as opposed to collected in-bulk.

            As for the rest, seems reasonable enough for the tech savvy. For the rest of folks that don't have technical means to jump through those hoops, I think strong privacy policies are a better option, but YMMV.

            • it's not clear that the location data is being linked to individuals as opposed to collected in-bulk.

              How is that not clear? Device IDs are sent with the tower data. A cellphone device ID is data linked to an individual.

              I think strong privacy policies are a better option, but YMMV.

              What are "strong privacy policies"? Do you mean the privacy statements that companies make? Those are just promises from the company, and are no more trustworthy than the company making them.

  • has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy

    Err no. The "reasonable consumer" doesn't give a crap about their privacy providing pictures of their penises aren't shared on the internet, errr, except to people who they send them to on purpose.

    Dick move yes (pun intended) but very few people will give a crap, especially no "reasonable consumers".

  • Ubuntu Touch kinda failed, smaller distro options are very hard to get and I don't really know the status of those (like Purism and whatnot)... anyone knows of non-Android Linux fully functional smartphones and tablets?
    I just burned my 3rd attempt of installing a Linux distro on yet another chinese tablet that won't work well enough and has some weird lock in place to prevent people from changing the OS, I'm honestly tired of trying at this point. And I can't spend much on this, seems all ready made options

  • I was so disappointed on iPhone 8/X this year. Bought an Android phone, many apps requested permission to access my contact, phone, and location. Could not take this! Bought an iPhone 8P at the end.

  • Trust anyone who says, "Trust me."
  • Unless your phone has a removable battery, it's always on, even when it's off.
  • " ... By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable. ..."

    Translation: we are very sorry that somebody discovered our homing data being transferred, by the end of November we will have made sure that nobody will be able to detect it anymore.
  • Just in case anyone has not yet received the memo. Carrier pigeons tend to be particularly unreliable this time of year.

  • If you connect to cellular towers, it is tracked by the provider. What's the difference if Google has the information too? Do you actually trust Verizon more than Google?

    Do you think that turning off your cellular connection and just using WiFi will help? Think again. Virtually every major site you connect to tracks your IP which will be the WiFi's IP. It's a simple database lookup from there. To pinpoint your location to within the WiFi range. Google has a bit more accuracy because they triangulate based o

  • Camera app takes photo, (GPS disabled for this app) broadcasts photo to entire system.
    Google Maps (with GPS) picks up the broadcast and tags the photo with location and uploads it.
    You can't block Maps from using GPS.
    Ergo, android permissions mean nothing because there is no permissions firewall.

     

"Luke, I'm yer father, eh. Come over to the dark side, you hoser." -- Dave Thomas, "Strange Brew"

Working...