Google was collecting your location data even when your GPS was turned off

Updated on 22-Nov-2017
HIGHLIGHTS

Google has admitted to the practice and plans on stopping it immediately.

If you thought turning off your location on your Android phone is enough to protect your privacy, you need to sit down and read this. Google tracks your location even when no apps are installed, GPS is turned off and even when there is no SIM card…and there is no way to disable it. 

According to a Quartz report, Google gathers location data by triangulating cell towers currently servicing a specific device. Since January 2017, Android phones have been collecting cell tower addresses and sending the encrypted data back to Google, even when location services were explicitly disabled. 

Google confirmed the practice has been prevalent for a while. The cell tower addresses are included in the information that is sent to the system Google uses to manage push notifications and messages on Android phones, a Google spokesperson told Quartz. Google claims the addresses were never used or stored and the search giant plans to stop the practice by November after being caught red handed.

Google told The Verge that the practice was a part of a network sync system that all modern Android phones use. It requires the country codes and mobile network codes which were being pulled from cell towers. Google considered it an “additional signal to further improve the speed and performance of message delivery.” 

Apparently, the practice was to improve its Firebase Cloud Messaging system where devices ping the server at regular intervals to receive messages without delays. However, it is not clear how exactly is cell tower location important in message delivery. 

What is clear though is that the practice is a serious breach of consumer privacy considering there was no way to disable the feature or even being informed about it. Cell tower triangulation can provide a location of a person accurate to a quarter of a mile and even a more pinpoint location in urban areas where cell towers are built closer together.

The location data which, although, was encrypted could have easily fallen in the hands of malicious hackers using spyware to infect Android phones. 

However, Google’s terms of service clearly mentions the company has the permission to have such a practice. The privacy policy contains a section that states, “When you use Google services, we may collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points and cell towers.”

Yet, nowhere is it mentioned that Google can do so when location services have been explicitly turned off. And while Google claims it didn’t use or store the location data of the phones through the practice, the company is known to provide location data to advertisers to target audiences based on where they are.

Subhrojit Mallick

Eats smartphones for breakfast.

Connect On :