Many Google Services on Android Devices and iPhones Store Location Data, Even if Location Sharing is Disabled From Privacy Settings: AP

Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to. An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you've used privacy settings that say they will prevent it from doing so. The Associated Press reports that it has confirmed its findings with computer science researchers at Princeton. From the report: For the most part, Google is upfront about asking permission to use your location information. An app like Google Maps will remind you to allow access to location if you use it for navigating. If you agree to let it record your location over time, Google Maps will display that history for you in a "timeline" that maps out your daily movements. Storing your minute-by-minute travels carries privacy risks and has been used by police to determine the location of suspects -- such as a warrant that police in Raleigh, North Carolina, served on Google last year to find devices near a murder scene. So the company will let you "pause" a setting called Location History. Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." That isn't true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like "chocolate chip cookies," or "kids science kits," pinpoint your precise latitude and longitude -- accurate to the square foot -- and save it to your Google account. The privacy issue affects some two billion users of devices that run Google's Android operating software and hundreds of millions of worldwide iPhone users who rely on Google for maps or search. Storing location data in violation of a user's preferences is wrong, said Jonathan Mayer, a Princeton computer scientist and former chief technologist for the Federal Communications Commission's enforcement bureau.

Illegal

Its not only wrong but clearly illegal (at least in Europe). Cue Google sanctions in 3 2 ...

Re:Illegal

[Opportunist]

I was thinking that, if they do something like this in Europe, I could foresee the highest EVER fine imposed on anyone worldwide brewing.

Re:Illegal

[sinij]

It doesn't matter Google does this, as long as they are fully inclusive about how they do it, and sufficiently apologetic about their privilege of doing it.

Re:Illegal

Who cares, as they are making 95 billions a year by spying their users, so a 5 billion fine is a minor cost of a business. Only when the fines from illegalities are more than the profits gained from crimes, the companies will react.

Re:Illegal

[hcs_$reboot]

Everything is illegal in Europe.

Europe is making laws to protect users privacy, like the recent GDPR. What's wrong with that?

Re:Illegal

[Opportunist]

This is Europe, we don't do that bullshit over here.

Re:Illegal

[Zocalo]

Worth keeping in mind that the GDPR fines against revenue, not the profit or net income after all the financial shell games to avoid taxes have been played out. Assuming the worst case fine under the GDPR, 4% of global revenue, and based on the figures Google declared for 2017 that would wipe out approximately one third of of their net income for the year. They'd still be in the black, but that's hardly a minor cost of doing business, and also before you take into account potential fines from all of the other legal jurisdictions they're operating in.

I expect them to make the need to tick a box giving permission for them to do this and get them off the potential legal hook fairly promptly, and maybe even act apologetic about the "accidental oversight" or some such. The implications of actually ticking that box will also be about as clear as mud, of course.

Re:Illegal

[serviscope_minor]

Europe is making laws to protect users privacy, like the recent GDPR. What's wrong with that?

what about the freedom of corporations to maximise profits without regard to the harm caused? Why do you hate freedom? /s

Use Here maps.

Cross platform. Fuck Google.

Don't be Evil

[JoeyRox]

But if you are going to be evil, make sure you stamp the location of each act of evilness.

Punitive regulation

[sinij]

It is very clear to me that big players like Google, Facebook, and Twitter are not going to voluntarily allow people to retain their privacy. This story is an example of a large company intentionally misleading and gathering data despite user explicitly telling them not to. It is likely that such brazen violation is not even against the law.

The law must change. Call for punitive regulation, it is the only way the learn.

Re:Punitive regulation

[sinij]

This is what-about-ism. While Government collecting data is also a problem, it is a different problem that requires different solutions.

Re:Punitive regulation

[Gilgaron]

That's a good point, but if they offer the option to turn this off (or are required to), they ought to conform to it. It would be worse publicity to have GMail Free SpyOnMe Edition, with tracking enabled, or turn off tracking/adverts for $1/mo but it'd at least be honest. Amazon doesn't sell an ad free Kindle and just enable them anyway.

Re:Punitive regulation

[serviscope_minor]

I have to ask you guys a question: why do you think these companies are providing these "free" services? Are they altruistic?

What free services (we're talking about Android here). People pay actual money for android phones and to get the ones with all the google services the phone manufacturers have to pay google.

These are not free services. These are services customers are paying for when they buy the phones.

Which is why I spoof it

This is why I spoof that info, block access to the actual hardware with magisk, disable background modules/components of individual apps, and block network access.

Getting more annoying to use an android device than a Windows device these days. I remember having to do a ton of managing app defaults, re-setting associations, removing companion apps, spyware/malware checks, and similar things which is what made me switch to Linux.

I wish there was an easy way to install Linux to any android device so I could ditch Android... but my issue with android is not so much the OS as I can use Lineage, it's the apps. I'd rather use my entire Linux software stack that doesn't do all of this bullshit.

Ubuntu touch is dead and I'm not sure what else exists.

Editors, please!

Storing your minute-by-minute travels carries privacy risks and has been used by police to determine the location of suspects -- such as a warrant that police in Raleigh, North Carolina, served on Google last year to find devices near a murder scene. So the company will let you "pause" a setting called Location History.

--> this is not the way to present the issue. We can have perfectly legitimate reasons not to be tracked by unknown third parties. The most perfectly legitimate reason is: why would you want anyone to track you? Giving reasons to justify non-tracking is completely stupid (and that way of thinking already means that the GAFA have left their mark on your intellect), you should give reasons to justify the tracking in the first place.

Shocker

I've always said, when you disable location on Android it's more likely that you're just toggling your own ability to see the location data that Google is collecting. Just because now your phone won't show you your current location doesn't mean it isn't being recorded, it just means your phone won't share it with you.

Re:Shocker

[larryjoe]

I've always said, when you disable location on Android it's more likely that you're just toggling your own ability to see the location data that Google is collecting. Just because now your phone won't show you your current location doesn't mean it isn't being recorded, it just means your phone won't share it with you.

I always disable location on my phone, but not because I believe that Google isn't still tracking me. I do it to save battery usage. At least in previous versions of Android, enabling location seemed to trigger background processes. Since these the activities of these processes were largely related to ads and other things that had no direct benefit to me, I turned off location. The battery savings was always immediately noticeable.

The amount of personal, private information that Google has collected and calculated is staggering. Think of the US government having that information but with no semblance of legal checks (no required warrants, no FOIA requests, no need to get Congress to allow data collection, no voting disagreeable people out of office, etc.) on the use/abuse of that information, and that is the current situation with Google. The only comfort users have is the assurance that Google will do no evil.

No F*cking Kidding

I have tried hard for ages to lock google down, I have so many privacy addons that I need 3 browsers just to surf the net.
I only go to sites I trust on my phone and I have everything turned off

then the other week, I was walking past a train station and bingo, I got a message from google maps kindly telling when the next train would be.
It might have been nice if I wanted the message and I opted in but I didn't
I don't use google maps, it wasn't running google maps (well, at least in the terms that most people would call running, as in I opened it and asked for maps or directions)
but yep, the perverts at google don't respect my wishes and knew exactly where I was.
I had turned off location/all history, that only seems to mean they don't tell me what my history is.
They still keep that data for their own purposes and they are always recording.

google = Pure perverts - thru and thru

If I want to find a business near me, I will ask. Other than that piss off and leave me alone.
If google asked nicely and told me my data would be anonymized and deleted after I reasonable time (as in hours), I would agree to the uploading of my data.
I am more then prepared to help others with freeway speeds as a payback for seeing what is happening on the freeways. But no, they just record everything and use it for advertising wherever they can. F* you google.
If I figure out a business is using location for ad's, I boycott them. Its not much but f*ck you Google and companies that support perverts.

Oh yeah. I know google sucks but seriously, in maps, white roads on a white background just suck - does anyone else remember when google was competent, not just perverts?

MicroG

[emil]

It really is time to upgrade my phone to MicroG, and put an end to this.

https://lineage.microg.org/

Not the same thing

[sjbe]

I hate to break it to you: but all mobile phones are tracked minute by minute anyway.

Apples to oranges. The phone company has a legitimate reason to know your phone's location when on - namely that it doesn't work if they don't. They also have legitimate reasons to record some of this data for billing purposes and service provision. Precise contents of what you are doing at that minute not so much in most circumstances and isn't recorded. They aren't (or rather shouldn't be) tracked minute by minute by rando third parties without explicit permission from you.

Run your own Maps server

[DrYak]

Run your own map server locally (Sailfish server that works with multiple viewers, Android and iOS also have offline map solution, with MicroG providing several solutions for apps that require the Google Map API)

For the location service it self, you can have lots of replacement including offline too .

Fuck online companies.
( ^- that has actual very practical implications when you're abroad and have internet roaming or on a hike away from any connection services)

3rd party Linux

[DrYak]

I wish there was an easy way to install Linux to any android device so I could ditch Android... {...} Ubuntu touch is dead and I'm not sure what else exists.

Jolla has developped Sailfish.
as they've developped libhybris (the same thing that Ubuntu Touch used), it's possible for the community to develop ports to lots of android devices (a couple of Sony Xperias, upcoming Gemini, etc.)

Jolla has also released it for a couple of select devices as an officially supported commercial project.

Also there's Purism's Librem 5 project to build a phone with an entire opensource Linux stack.

Screen limits

[DrYak]

Sailfish is interesting but does not run GNU/Linux desktop apps...

Smartphone aren't the perfect form factor to run desktop apps.

GTK-based apps could in theory be made to run on Sailfish (which uses Wayland, and GTK3 has been ported to Wayland) but it would probably look like crap.
Basically, just forget about running GIMP on a smartphone.

Sailfish uses Qt, so desktop applications could be made to run on it but would probably look like crap if they aren't specifically adapted to the form factor and specific theming engine (silica).
(Note: BLE scanner *DOES work*, it just *LOOKS like crap* being a generic QML app).

Text-mode user interface could be made to work on sailfish (it comes with a standard-compliant terminal) but trust me they would look like crap (you would need to set a small font size and hold the phone sideways so the app gets something closer to the desktop terminal it was developed for - thats the way I remotely run TUI apps over SSH).

Basically, your problem isn't missing GNU/Linux component (specifically in the case of Qt and TUI, the components are actually present, and have been used), but needing to tune software to the specifics of a small screen.

WebApps are about the only thing that doesn't look like crap, because most modern web application since the popularity of the iPhone have been designed to reflow nicely on smartphone screens. (On the other hand, the Gecko engine used by the built-in browser, and the QtWeb used by 3rd party browser are both a bit old, so some website might complain and not work 100%. You would need to used the Android compatibility layer and a modern Firefox Android.).

Specially crafted UI for smartphone screens (like most sailfish native apps, and anything you would get on the anrdoid compatibility layer), and command line interface (where you can use bigger font and portrait orientation) are the best thing.

Still you can do something like hack the partition table on a OTG connected USB stick, using common CLI tools without need to root anything.

You can run Linux in a container on a phone but have to use VNC and it is not native, you still have android underneath

In the case of Ubuntu Touch and Sailfish, the only "android"-y bits are the drivers provided by the maker of the chipset.
The rest of the user land is plain GNU/Linux, and only uses libhybris so the drivers can run over it (e.g.: so they run on a GNU libc instead of bionic)

Librem will supposed to be a plain GNU/Linux with *open source* drivers - so 0% android underneath.

Then for eco-system access, most smartphone tend to provide some android compatibility layer. (Sailfish has a version of the JVM-like engine used by Android 4.4 kitkat written by Myriad called Alien Dalvik running in a chroot atop the GNU/Linux userland.
I think Purism was considering Andbox as a potential solution for Librem users).

Stupid article

[brunes69]

Disabling "Location History" *IS NOT THE SAME THING* as disabling Location TRACKING.

"Location History" is a VERY SPECIFIC feature of Google/Android and is used to provide you reccomendations based on places you go and travel patterns. Disabling that DOES NOT disable all location tracking on Android - that is a DIFFERENT SETTING.

Hell, it is RIGHT IN THE QUICK SHORTCUTS. Unmissable!

What an idiotic article.