With more than 320 million Android devices shipped worldwide, Google’s Android owns 88% of the smartphone market. However, a recent Quartz report claims Google is using the popularity of its mobile operating system to collect its Android users location data even if they have turned off location access and don’t have a SIM card.
“Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers — even when location services are disabled — and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.”
Quartz noted that Google uses triangulation method to locate an Android device within about a quarter-mile radius of a cellphone tower. Every time an Android device with data or WiFi connection came within range of a new cellphone tower, it would broadcast the addresses of nearby cellular towers and send the data to Google using Android’s messaging management system. Although the data sent to Google is encrypted, Quartz noted it a hacker can divert the data to a third party using malicious means or spyware.
Bill Budington, a software engineer at Electronic Frontier Foundation, warns:
“It has pretty concerning implications, you can kind of envision any number of circumstances where that could be extremely sensitive information that puts a person at risk.”
Google has admitted to the wrongdoing claiming it opted for the practice to improve its Firebase Cloud Messaging system, which “provides a reliable and battery-efficient connection between your server and devices that allows you to deliver and receive messages and notifications on Android, iOS, and the web at no cost“.
“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery,” a Google spokesperson replied to Quartz in an email. “However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”
Though Google claims it doesn’t use the location data, and promises to roll out an update that removes the Cell ID collecting feature, Matthew Hickey, a security expert and researcher at Hacker House, observes:
“It is really a mystery as to why this is not optional. It seems quite intrusive for Google to be collecting such information that is only relevant to carrier networks when there are no SIM cards or enabled services.”