In an age where we store our most important data on our mobile devices, we depend on device manufacturers and designers to ensure our information is kept safe. Unfortunately, potential problems are often overlooked until someone finds a way to take advantage of them, as appears to be the case with the Electronic Frontier Foundation’s latest discovery.
According to the EFF, if your Android phone or tablet is less than three years old, there’s a high risk that is constantly sharing your location with everyone in your vicinity while not connected to a Wi-Fi network.
Here’s how it works: when you connect to a Wi-Fi network, the name of the network is stored in your device’s settings. Most modern Android devices send out messages containing the names of these networks when they aren’t connected in order to speed up the connection process once they get back into range.
By intercepting these messages, a hacker could use the names of the networks to get an idea of where the user frequently connects, an especially dangerous proposition considering the less-than-innocuous names of many Wi-Fi networks (“Bob’s apartment,” “Starbucks West Village,” etc.). The EFF points out that even when the network does have a seemingly unidentifiable name, there are ways around that too. Although other platforms have similar vulnerabilities, the EFF believes that Android currently poses the greatest threat to its users.
Google said the following in response to the EFF’s discovery:
“We take the security of our users’ location data very seriously and we’re always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release.”
If you want to protect yourself from constantly leaking location history data, there’s no foolproof method, but if you go into your device’s “Advanced Wi-Fi” settings and set the “Keep Wi-Fi on during sleep” option to “Never,” you can plug the leak. Here’s the catch: not only will it increase data usage and kill your battery faster, it doesn’t even work on certain phones. Hopefully Google will have a more permanent solution in the future.