Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Leaks Location Data Via Wi-Fi

Posted by Soulskill on from the we-all-know-about-your-addiction-to-krispy-kreme dept.

Bismillah writes: The Preferred Network Offload feature in Android extends battery life, but it also leaks location data, according to the Electronic Frontier Foundation. What's more, the same flaw is found in Apple OS X and Windows 7. "This location history comes in the form of the names of wireless networks your phone has previously connected to. These frequently identify places you've been, including homes ('Tom’s Wi-Fi'), workplaces ('Company XYZ office net'), churches and political offices ('County Party HQ'), small businesses ('Toulouse Lautrec's house of ill-repute'), and travel destinations ('Tehran Airport wifi'). This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi."

10 of 112 comments (clear)

  1. Wrong title by crashumbc · · Score: 5, Insightful

    Should be popular SMART PHONES leak WiFi data.

    Sensationalist bullshit

  2. Not just Android by AmiMoJo · · Score: 5, Insightful

    The sensational headline fails to mention that most operating systems, including OSX and Windows, are affect. In fact most wifi devices are and we have known about this problem since the early days of wifi.

    I wish I had the time to mod the shit down before it hit the front page.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:Not just Android by jrumney · · Score: 4, Informative

      The headline also fails to mention that only manually configured networks are affected (or perhaps old versions of Android, I don't remember the details from the comments to the story about 6 months ago regarding the exact same "flaw" in iOS). This is why it is a BAD idea for security to turn off access point beacons - because if your access point is not sending out beacons to identify itself, then the clients need to send out connection requests blindly - wherever they are.

    2. Re:Not just Android by jones_supa · · Score: 3, Insightful

      I have one neighbor that for some insane reason named his after his address. 123 Johnson road

      He is just politely revealing who is the owner of the station. In this way it can also be seen as a responsible thing. If that particular station is causing some kind of problems to others, it is easy to contact the owner to discuss about it.

    3. Re:Not just Android by itzly · · Score: 4, Funny

      I have one neighbor that for some insane reason named his after his address. 123 Johnson road

      Even worse, I have a neighbor who has his house number plainly visible right next to his front door, and the name of the street is clearly marked at the intersection. Total nutcase, if you ask me. Anybody who knows his address can just go and visit him.

    4. Re: Not just Android by Em+Adespoton · · Score: 3, Informative

      To be a decent analogy, they'd need it affixed to something mobile, like their car, as well as to their house.

      The point here is that the CLIENTS start broadcasting the string whenever they're not connected to Wifi. So his phone/laptop will be advertising where their owner lives whenever he's away from home with them.

      If you still don't get it, it's like everyone in his family wearing a T-shirt that says "My home address is 123 Johnson Rd -- and if you're reading this, I'm probably not at home".

      It makes burglary easy, and stalking as well.

  3. Re:Noticed this before by jrumney · · Score: 4, Informative

    Its the scan of nearby networks bit where it needs to send out the WiFi networks it wants to connect to. That's why making your SSID hidden is a security anti-pattern. Tell the owners of the networks you connect to to stop doing it - anyone nearby can see all the clients making requests to join your network, so it isn't adding any security in your near vicinity, and elsewhere, others can still see your clients trying to connect to your network wherever they are, because to connect to hidden networks you have to go out and proactively look for them.

  4. Free Wifi by AndyCanfield · · Score: 3, Interesting

    Here in Thailand / Laos I have recently seen massage parlor signs advertising "Free Wifi". You get in a room with a beautiful lady and she rubs her hands all over your body. Why would you want to check your e-mail? And certainly you would not "Exotic Massage" to show up in your wifi list. But remember that phones are like that. I manually checked my wife's call history to see if she had telephoned my girlfriend.

  5. Droid does what iDon't: SSID spotting by tepples · · Score: 3, Interesting

    For fun, grab an Android app called WifiCollector.

    Or MozStumbler, from the makers of Firefox.

    But if you're looking for something similar on iOS, you won't find anything on the App Store because there's no public API to log seen SSIDs on iOS. Instead of making a public API, Apple instead just decided to blacklist the entire category of applications in March 2010.

  6. Re: Except iOS after version 5 apparently by tlhIngan · · Score: 3, Informative

    iOS is still happily twirping your data, hence the mac change in iOS 8.

    No, that's solving a different problem, namely one of tracking. In sending probe frames (to find out what accesspoints are around) it uses a random MAC address in order to foil those MAC address sniffers they plant in malls and stores that are used to track people as they wander around.

    FYI - Android does not have this feature (yet).