Android phones are collecting users' location information, even when location services are disabled, according to an investigation by Quartz.
Android devices can gather location data and send it to Google even when location services are disabled and the phone has been reset to factory condition and apps, Quartz found. All the device needs to grab a user's location is a cellular data or Wi-Fi connection, the investigation found.
SEE: Security awareness and training policy (Tech Pro Research)
Android devices have been sending location information about nearby cell towers to Google since the beginning of 2017, Quartz said, with Google getting pinged every time a user entered the range of a new tower. Even if the user actively turned off location services, Google can still access their location and movements without their knowledge. Google confirmed the practice to Quartz.
While never storing the location information, Google used the data to manage push notifications and improve message delivery, a Google spokesperson told Quartz.
Google is now working to end the practice by the end of November after being contacted by Quartz.
The findings breach a "reasonable consumer expectation of privacy," Keith Collins, the author of the Quartz story, said. Using multiple cell towers can determine a user's location from a quarter-mile radius to a more exact spot, depending on how close the cell towers are together.
The findings may be an issue for those who don't want to be tracked and have taken precautions to make sure their location was secret. Google can still collect location data even if a SIM card isn't installed in the phone, and there is no known way to opt out of the collection.
The concern grows with recent Android security problems—a recent Nokia report found that devices running Android software were most likely to be hacked out of all operating systems. Although the location data was encrypted, it could have opened an unexpected hole in an already vulnerable system.
Although Google is preparing to end the program, the findings may create a distrust between Google's Android and some users. Some business users, especially ones trying to keep their location and data protected, may not feel as safe using the operating system.
The 3 big takeaways for TechRepublic readers
- Google can collect Android users' location information even if the user actively turns off location services, a Quartz investigation found.
- Since the beginning of 2017, phones running Android software have been sending the location of nearby cell towers to Google without consumers' knowledge or approval.
- After being contacted by Quartz, Google said it is working to end the practice by the end of November.
- Android beats iOS and Windows as least-secure mobile OS, Nokia report finds (TechRepublic)
- The 10 best ways to secure your Android phone (ZDNet)
- How to use Android Oreo's new Storage Manager feature to free up space (TechRepublic)
- Android's big problem: Over a billion devices are more than two years out of date (ZDNet)
- Phishing attacks, not breaches, represent the biggest security risk for Google users (TechRepublic)
Olivia Krauth is a Multiplatform Reporter at TechRepublic.