Slashdot Mirror
Many Google Services on Android Devices and iPhones Store Location Data, Even if Location Sharing is Disabled From Privacy Settings: AP (apnews.com)
Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to. An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you've used privacy settings that say they will prevent it from doing so. The Associated Press reports that it has confirmed its findings with computer science researchers at Princeton. From the report: For the most part, Google is upfront about asking permission to use your location information. An app like Google Maps will remind you to allow access to location if you use it for navigating. If you agree to let it record your location over time, Google Maps will display that history for you in a "timeline" that maps out your daily movements. Storing your minute-by-minute travels carries privacy risks and has been used by police to determine the location of suspects -- such as a warrant that police in Raleigh, North Carolina, served on Google last year to find devices near a murder scene. So the company will let you "pause" a setting called Location History. Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." That isn't true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.
For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like "chocolate chip cookies," or "kids science kits," pinpoint your precise latitude and longitude -- accurate to the square foot -- and save it to your Google account. The privacy issue affects some two billion users of devices that run Google's Android operating software and hundreds of millions of worldwide iPhone users who rely on Google for maps or search. Storing location data in violation of a user's preferences is wrong, said Jonathan Mayer, a Princeton computer scientist and former chief technologist for the Federal Communications Commission's enforcement bureau.
For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like "chocolate chip cookies," or "kids science kits," pinpoint your precise latitude and longitude -- accurate to the square foot -- and save it to your Google account. The privacy issue affects some two billion users of devices that run Google's Android operating software and hundreds of millions of worldwide iPhone users who rely on Google for maps or search. Storing location data in violation of a user's preferences is wrong, said Jonathan Mayer, a Princeton computer scientist and former chief technologist for the Federal Communications Commission's enforcement bureau.
Its not only wrong but clearly illegal (at least in Europe). Cue Google sanctions in 3 2 ...
Cross platform. Fuck Google.
Sounds like location based search and location history are implemented as two separate services. But that isn't something the user should need to worry about.
bickerdyke
But if you are going to be evil, make sure you stamp the location of each act of evilness.
It is very clear to me that big players like Google, Facebook, and Twitter are not going to voluntarily allow people to retain their privacy. This story is an example of a large company intentionally misleading and gathering data despite user explicitly telling them not to. It is likely that such brazen violation is not even against the law.
The law must change. Call for punitive regulation, it is the only way the learn.
Had that setting disabled who knows how long ago, probably b/c it was described somewhere and I was prompted to agree or not.
Conclusion: read before you sign.
Do No Evil? Pshaw, how else we going to make tons o' moola from you poor saps?
Thomas Watson Jr. at the Whitehouse advising Carter on sanctions against the Soviet Union: "If you want to declare war or have a boycott, fine. But breaking a commitment to a customer is always wrong." How about it, Google? Will you break commitments to the customer in the future as well? Would composing the official Google corporate song help?
the Police could always subpoena cellular carriers for tower tracking information regarding the location of the phone.
Using google map locations seems like lazy police work and tracking data has the potential to be "faked" by someone with sufficient resources.
Google location tracking being enabled is the first mistake. It's like bluetooth, why turn it on if you're not actively using it? Check your google settings, repeatedly.
This is why I spoof that info, block access to the actual hardware with magisk, disable background modules/components of individual apps, and block network access.
Getting more annoying to use an android device than a Windows device these days. I remember having to do a ton of managing app defaults, re-setting associations, removing companion apps, spyware/malware checks, and similar things which is what made me switch to Linux.
I wish there was an easy way to install Linux to any android device so I could ditch Android... but my issue with android is not so much the OS as I can use Lineage, it's the apps. I'd rather use my entire Linux software stack that doesn't do all of this bullshit.
Ubuntu touch is dead and I'm not sure what else exists.
Storing your minute-by-minute travels carries privacy risks and has been used by police to determine the location of suspects -- such as a warrant that police in Raleigh, North Carolina, served on Google last year to find devices near a murder scene. So the company will let you "pause" a setting called Location History.
--> this is not the way to present the issue. We can have perfectly legitimate reasons not to be tracked by unknown third parties. The most perfectly legitimate reason is: why would you want anyone to track you? Giving reasons to justify non-tracking is completely stupid (and that way of thinking already means that the GAFA have left their mark on your intellect), you should give reasons to justify the tracking in the first place.
I've always said, when you disable location on Android it's more likely that you're just toggling your own ability to see the location data that Google is collecting. Just because now your phone won't show you your current location doesn't mean it isn't being recorded, it just means your phone won't share it with you.
I have tried hard for ages to lock google down, I have so many privacy addons that I need 3 browsers just to surf the net.
I only go to sites I trust on my phone and I have everything turned off
then the other week, I was walking past a train station and bingo, I got a message from google maps kindly telling when the next train would be.
It might have been nice if I wanted the message and I opted in but I didn't
I don't use google maps, it wasn't running google maps (well, at least in the terms that most people would call running, as in I opened it and asked for maps or directions)
but yep, the perverts at google don't respect my wishes and knew exactly where I was.
I had turned off location/all history, that only seems to mean they don't tell me what my history is.
They still keep that data for their own purposes and they are always recording.
google = Pure perverts - thru and thru
If I want to find a business near me, I will ask. Other than that piss off and leave me alone.
If google asked nicely and told me my data would be anonymized and deleted after I reasonable time (as in hours), I would agree to the uploading of my data.
I am more then prepared to help others with freeway speeds as a payback for seeing what is happening on the freeways. But no, they just record everything and use it for advertising wherever they can. F* you google.
If I figure out a business is using location for ad's, I boycott them. Its not much but f*ck you Google and companies that support perverts.
Oh yeah. I know google sucks but seriously, in maps, white roads on a white background just suck - does anyone else remember when google was competent, not just perverts?
Kinda explains the private jumbo jet (among other private jets...) for Google executives.
Fuel for those ain't cheap - Google really has to "monetize" the privacy of every person on the planet!
..,your phone provider spies and stores location constantly? Shocking, right?
Well not really. How else would they know where your phone was to send signals? Do you you even know how tech works?
It really is time to upgrade my phone to MicroG, and put an end to this.
https://lineage.microg.org/
In our world of shiny app and UI obfuscation ...hardly surprised at all. I have no shock value points left to dole out, or as the new kids these days F's to give.
You are the 'product', and thats why it's free in beer, but priceless in data mining. That location data has little to do with Google Maps you use for navigation to get to Grandma's house for Thanksgiving; where you stopped in between, the gas station you went to, the isle you were in debating which candied yams to get in Walmart, the route you took, why you took that route, getting focused advertisement to everything 'in between' is worth collecting it under the table. That's what keeps Google's lights (and datacenters) running: that data.
I hate to break it to you: but all mobile phones are tracked minute by minute anyway.
Apples to oranges. The phone company has a legitimate reason to know your phone's location when on - namely that it doesn't work if they don't. They also have legitimate reasons to record some of this data for billing purposes and service provision. Precise contents of what you are doing at that minute not so much in most circumstances and isn't recorded. They aren't (or rather shouldn't be) tracked minute by minute by rando third parties without explicit permission from you.
Phone operating systems are required by law to track location data in order to provide E911 services. At the very least, the Phone application on your pocket supercomputer must be aware of your location 24/7 so that it can provide your location to emergency services. The law does not permit acquisition delay - the information must be transmitted to E911 the moment the call is picked up.
Run your own map server locally (Sailfish server that works with multiple viewers, Android and iOS also have offline map solution, with MicroG providing several solutions for apps that require the Google Map API)
For the location service it self, you can have lots of replacement including offline too .
Fuck online companies.
( ^- that has actual very practical implications when you're abroad and have internet roaming or on a hike away from any connection services)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
the Police could always subpoena cellular carriers for tower tracking information regarding the location of the phone.
That requires :
- the phone to be connected to an actual cell tower (not in Airplane mode, not a tablet with Wifi-only)
- that there is a SIM in the phone (otherwise they only know that there is *a* smartphone with IMEI number, but not even a phone number)
- that the SIM was registered so someone's identity (to know whose that number is).
Using google map locations seems like lazy police work
Google map location can work :
- in airplane more using only pure GPS receiver.
- online with no GPS chip, only by using lists of visible cell tower and visible Wifi ap.
Also Google accounts can be attached to a real identity.
If apps can store that location, and end-up syncing with google server at some point later in time, Google can know where you've been.
So it's worth asking Google too "Who's been near locaion (X;Y) ?" in additon to cell operator, you'll get all the other people that the cell tower missed.
tracking data has the potential to be "faked" by someone with sufficient resources.
Location spoofing is a standard defence against application that insist on getting location.
Google location tracking being enabled is the first mistake. It's like bluetooth, why turn it on if you're not actively using it? Check your google settings, repeatedly.
The thing is that even when disabled, some app might be storing it anyway.
What you're disabling explicitely is the streaming of your position to google for features like live tracking.
Other applications might still silently fetch your location (like when trying to make locally-relevent search results).
e.g.: search for "pizza" and google will try to find pizza restaurants *around you*. They'll try based solely on your IP address if they can't get anything out of your phone.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I wish there was an easy way to install Linux to any android device so I could ditch Android... {...} Ubuntu touch is dead and I'm not sure what else exists.
Jolla has developped Sailfish.
as they've developped libhybris (the same thing that Ubuntu Touch used), it's possible for the community to develop ports to lots of android devices (a couple of Sony Xperias, upcoming Gemini, etc.)
Jolla has also released it for a couple of select devices as an officially supported commercial project.
Also there's Purism's Librem 5 project to build a phone with an entire opensource Linux stack.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Google lied about its services. That's against the law. What is Google's punishment, or are they above the law like other large corporation?
I've been telling people for years to disable all of google's access, root the device, and remove all google services. Use F-droid or amazon or side load apps.
And should be treated as such by their users.
Greater personal control is at least *possible* on desktop computers, even if some people are stupid enough not to pursue it and use telemetry jokes like Windows 10.
But cellphones? They're just devices for abusing their users. They'll never be anything but toys.
Not MAC as in addresses, but rather Mandatory Access Control rules, part of SE Linux. They were invented to prevent exactly this kind of confidentiality leak.
davecb@spamcop.net
Sailfish is interesting but does not run GNU/Linux desktop apps...
Smartphone aren't the perfect form factor to run desktop apps.
GTK-based apps could in theory be made to run on Sailfish (which uses Wayland, and GTK3 has been ported to Wayland) but it would probably look like crap.
Basically, just forget about running GIMP on a smartphone.
Sailfish uses Qt, so desktop applications could be made to run on it but would probably look like crap if they aren't specifically adapted to the form factor and specific theming engine (silica).
(Note: BLE scanner *DOES work*, it just *LOOKS like crap* being a generic QML app).
Text-mode user interface could be made to work on sailfish (it comes with a standard-compliant terminal) but trust me they would look like crap (you would need to set a small font size and hold the phone sideways so the app gets something closer to the desktop terminal it was developed for - thats the way I remotely run TUI apps over SSH).
Basically, your problem isn't missing GNU/Linux component (specifically in the case of Qt and TUI, the components are actually present, and have been used), but needing to tune software to the specifics of a small screen.
WebApps are about the only thing that doesn't look like crap, because most modern web application since the popularity of the iPhone have been designed to reflow nicely on smartphone screens. (On the other hand, the Gecko engine used by the built-in browser, and the QtWeb used by 3rd party browser are both a bit old, so some website might complain and not work 100%. You would need to used the Android compatibility layer and a modern Firefox Android.).
Specially crafted UI for smartphone screens (like most sailfish native apps, and anything you would get on the anrdoid compatibility layer), and command line interface (where you can use bigger font and portrait orientation) are the best thing.
Still you can do something like hack the partition table on a OTG connected USB stick, using common CLI tools without need to root anything.
You can run Linux in a container on a phone but have to use VNC and it is not native, you still have android underneath
In the case of Ubuntu Touch and Sailfish, the only "android"-y bits are the drivers provided by the maker of the chipset.
The rest of the user land is plain GNU/Linux, and only uses libhybris so the drivers can run over it (e.g.: so they run on a GNU libc instead of bionic)
Librem will supposed to be a plain GNU/Linux with *open source* drivers - so 0% android underneath.
Then for eco-system access, most smartphone tend to provide some android compatibility layer. (Sailfish has a version of the JVM-like engine used by Android 4.4 kitkat written by Myriad called Alien Dalvik running in a chroot atop the GNU/Linux userland.
I think Purism was considering Andbox as a potential solution for Librem users).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
And you would think that this would be untrue because....??
Just wait, in a couple of years we will find out that Googles largest customer for this information (location data) is the US Government.
...it should now be more than abundantly clear that Google is simply always flat-out lying to its "customers", i.e., victims, and cannot ever be trusted in any regard. So all of the privacy policies, etc., aren't worth shit, ever.
Never base your decision as to whether to use any Google services solely on what they tell you about it.
1. Windows 10 + other msoft products
2. Google
3. Forced spying in all apps
4. Forced spying on TVs, stereos (Samsung is particularly evil), Roombas. Yes Roombas.
5. Facial Recognition
6. Cameras in your face at every store
7. License plate readers
8. all the new cameras and IR systems on our highways
It's to the point where we all have to ask ok, what's the least worst product and what I can I do to make using it NOT disturbing?
Score another one for Apple products and services. At least they care a bit about privacy.
Why is iPhone mentioned in title? It's fucking Google that's doing it. If you install their shitty app on iPhone and allow location access how is it iPhone's fault? The title is misleading. If you disable location access to Google's shitty apps or select option to only allow while using app, it all works as intended.
I keep reading these obsessions with privacy issues. I mean you bought a smartphone and for obvious reasons it must track you for many features and apps to be useful. If this creeps you out you can always still buy a flip phone, of course even they have to ping towers to work so theirs that. Get a life tin foil hat people or live in a cave without any technology.
So, Google uses location data when providing maps and weather. I am SHOCKED! FUCKING SHOCKED I tell you!!!
You know damned well the government knows it. Google is part of the government . . . you could call it a "non-governmental organization" if you wish. They are joined at the hip (or ass) to the United States government, and it doesn't matter which party is in power. Google gets along with both just fine.
I am pretty sure that they also find a way to constantly send your data.
Are there any mitigations that we can perform to limit this behaviour?
For example, I've been reading about the Blackberry Key2 and it's DTEK software. Can it prevent this kind of shenanigans?
Disabling "Location History" *IS NOT THE SAME THING* as disabling Location TRACKING.
"Location History" is a VERY SPECIFIC feature of Google/Android and is used to provide you reccomendations based on places you go and travel patterns. Disabling that DOES NOT disable all location tracking on Android - that is a DIFFERENT SETTING.
Hell, it is RIGHT IN THE QUICK SHORTCUTS. Unmissable!
What an idiotic article.
Obviously, they need your location to open a map to that location. But beyond that, it all gets iffy. Okay, maybe they want to store a list of your 'favorite' locations in order to provide services (or, yes, ads) to you relevant to that list. For example, Maps puts push-pins onto locations you've searched for before. But then again, why does it matter to them when you visited those locations? They seem to have the attitude that they'll just store all the raw data you give them - and figure out what to do with it later. Still, when you've asked that they not track your location history, they could at least remove the 'when' information.
My big beef with Google Maps is that the UI keeps getting more and more unintelligible. I guess that's not unique to Maps, but still, Google in general is particularly bad about this. And somewhere along the line it became impossible to hide the pushpins for every coffee shop and other business (that pays, I guess) when you view a map. I spent minutes looking for a way to turn this off (since often it is hidden somewhere in the UI), but in this case there is no such option.
So the UI to control things is so 'uncluttered' that it's near impossible to figure out how to use features - but the actual map data is so cluttered that you can't actually find stuff you're looking for on the map. But it sure is smart about searching for places - otherwise I might not use it at all. In fact, I sometimes open Google Maps to a foreign city and 'wander around'. Now, since I'm thousands of miles away, you'd think that maybe all the coffee shops and sneaker stores in that city might not care whether I know their locations - and certainly wouldn't knowingly pay for me to know them. Couldn't Google at least have an option to hide that stuff when you're, say, outside of a 50 mile radius of the businesses in question?
Posted from my Android phone. Oh, I can change this? There, that's better...
This is one reason Android security should have a feature that allows Android to send fake data to Android apps. For instance if an app refuse to run until you have given it permission to your contacts and location data when it clearly do not use either you should be allowed to put the app on a list that switches Android from sending real data to sending fake data. The app will be happy since it is getting data and you are happy since the app is getting fake data.
It is too bad it is so easy to brick a phone when you want a different version of Android. Like one version with real security options.
If all the apps got fake location data you would not need to worry about malicious apps, like the google apps having an opt out options in the apps that does nothing as in abusing the data it have access to.