July 4, 2014 weblog
Digital rights group: Some Android phones may tell location history
Is your phone a calling companion or callout snitch? The Electronic Frontier Foundation delivered findings about some Android phones on Thursday—concerning newer, not older, models. According to EFF findings, a number of newer Android devices could serve up a privacy headache by broadcasting your whereabouts. The phone could turn snitch in revealing the most recently connected wi-fi networks that a device has joined while the mobile device is in sleep mode. The EFF article's headline read, "Is Your Android Device Telling the World Where You've Been?" The report's authors, EFF's Peter Eckersley, technology projects director, and Jeremy Gillula, staff technologist, had some other questions: "Do you own an Android device? Is it less than three years old? If so, then when your phone's screen is off and it's not connected to a Wi-Fi network, there's a high risk that it is broadcasting your location history to anyone within Wi-Fi range that [sic] wants to listen."
Eckersley and Gillula discovered many of the Android phones tested "leaked the names of the networks stored in their settings (up to a limit of fifteen). And when we looked at these network lists, we realized that they were in fact dangerously precise location histories."
What is causing the leaks? The researchers traced the problem to a feature that was introduced in Honeycomb (Android 3.1). The feature is Preferred Network Offload (PNO), which "is supposed to allow phones and tablets to establish and maintain Wi-Fi connections even when they're in low-power mode (i.e., when the screen is turned off). The goal is to extend battery life and reduce mobile data usage." They said many of the phones running Honeycomb or later and even one running Gingerbread broadcast the names of networks they knew about when their screens were turned off. The EFF brought this to the attention of Google. In its response, Google said, "Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release."
EFF reported that, additionally, "a Google employee submitted a patch to wpa_supplicant.which fixes this issue." The authors said they were glad the problem was addressed so quickly, but they also noted that it will be some time before that fix "gets integrated into the downstream Android code."
Not every single Android device is affected but for those that are, the EFF suggests, for any user concerned about this issue, a workaround. The person can go to the phone's Advanced Wi-Fi settings and turn the "Keep Wi-Fi on during sleep" option to "Never." This, added the EFF, will cause a moderate increase in data usage and power consumption. The workaround is available for most devices but not all.
"Location history is extremely sensitive information," the EFF said. "We urge Google to ship their fix as soon as possible, and other Android distributors to offer prompt updates containing it."
© 2014 Tech Xplore