Imagine having access to a huge, matrix-style interface where you could input a person’s name and the computer would display their location with reasonable accuracy. If such a thing were to exist, you’d be most likely to see it at Google’s HQ.
The fact that services such as Google ‘hoover up’ vast amounts of data should be common knowledge by now, and we’ve written extensively on this issue with tips on how to protect your online privacy.
However, so far, we believed that Google would honour our opt-outs and data collection preferences. Sadly, this seems not to be the case.
It is not a secret that Google collects Android phones’ location data and uses it to improve its own services and provide useful tools, such as the one you must have seen:
However, location services can be disabled and your phone should not be sending them anywhere, right? Well, according to a report from Quartz, that’s not the case at all.
You Can Run, But You Cannot Hide
Apparently, if you own an Android phone, Google is tracking your whereabouts regardless of your location settings. You don’t even need insert a SIM card in your phone in order to get tracked.
The reason why? Google tracks your location via cellular towers (base stations) and phones home with the data when you connect to the Internet. Phones connect to these towers even without a SIM card to allow users to dial emergency service numbers.
Google spokesman insisted that they “[planned to use] Cell ID codes as an additional signal to further improve the speed and performance of message delivery”, but stressed that they “never incorporated Cell ID into our network sync system, so that data was immediately discarded”.
Google collected the Cell ID along with the mobile country code and network code for faster connection to its Firebase Cloud Messaging system.
This type of tracking allows for a resolution of at least 400 metres, but in some cases, like in urban areas, it can be even more precise. The location is determined via triangulation of data from several base stations. The more stations there are, the more precise tracking becomes.
Aside from Google, potential attackers could gain access to the data. Even though the data itself is encrypted, third parties could hack into the phone itself and gather the data.
The company has been doing it since early 2017. It claims it will stop with the practice by the end of November, but claims that this type of location collection is “distinctly separate from Location Services, which provide a device’s location to apps”, and so the opt-out in Android settings didn’t apply.
A Risky Endeavour
As Bill Budington, an engineer working for the Electronic Frontier Foundation succinctly put it, “You can kind of envision any number of circumstances where that could be extremely sensitive information that puts a person at risk.”
It’s not the end of the world, though. Your mobile phone carrier already has that information, and can in theory obtain it whenever they want. The police can, as well. However, what they don’t have is a personal profile of you build based on your clicks, searches and e-mails.
Whether or not Google (mis)used the data is not the main question. We found the inability to actually opt out of this clandestine tracking the most worrying. Users should have an expectation of privacy, and at the very least be notified if any tracking is taking place.