Privacy: Google's Android HTC mobile phone 'transmits user locations back to company'
- Google's Android HTC phone transmitted data back to Google several times an hour
- Apple slammed for user locations being stored in iPhone and iPad
- Google and Apple are using location data to build databases of Wi-Fi hotspots
- Data from Apple devices syncs with computer, meaning anyone with access can see
- Representative Edward Markey questions whether the practice may be illegal
Tests: An Android HTC phone was found to track its location every few seconds and transmitted the data back to Google several times an hour
The row over the privacy of mobile phone users escalated today as it was revealed that Google devices regularly transmit user locations back to the company.
The new revelations come after Apple was this week slammed by several Congress members for the way user locations are being stored in unencrypted databases on the iPhone and iPad, sometimes stretching back several months.
In Google's case an Android HTC phone tracked its location every few seconds and transmitted the data back to Google several times an hour, according to new research by security analyst Samy Kamkar for the Wall Street Journal.
It also transmitted the name, location and signal strength of any close Wi-Fi networks and the phone's unique identifier.
Both Google and Apple have previously admitted they are using location data to build massive databases of Wi-Fi hotspots.
Thiscan then be used to pinpoint individual's locations via their mobile phones, which in turn could help the companies tap into the huge market for location-based services, currently worth $2.9billion.
This figure is expected to ! rise to a staggering $8.3billion in 2014, according to research company Gartner.
Location data is some of the most valuable information a mobile phone can provide, since it can tell advertisers not only where someone's been, but also where they might be going and what they might be inclined to buy when they get there.
A spokeswoman for the Office of the Privacy Commissioner of Canada told the Journal the office 'had concerns' about using mobile phones to collect Wi-Fi data and had expressed those concerns to Google itself.
Concern: Apple was slammed by several Congress members for the way iPhone and iPad users' locations are being kept under secret surveillance by Apple
'The whole issue of the tracking capabilities of new mobile devices raises significant privacy issues,' she said.
In the past Google has pointed out thatits collected Wi-FI data is anonymous and that it deletes the start andend points of every trip it uses for traffic maps.
But, the data, provided to the Journal exclusively by Mr Kamkar, contained a unique identifier linked to an individual's phone.
More...
- Tit-for-tat: Now Samsung sues Apple just days after being accused o! f 'slavi shly copying' its iPhone and iPad designs
- Don't go! Microsoft boosts cash pay for workers in bid to stop talent fleeing to tech rivals
- Police charge former student politician over 'webcam girl' murder witnessed by boyfriend 6,000 miles away
Mr Kamkar developed a tracking file called 'evercookie' that once installed on a computer, was difficult to get rid of, in order to highlight the privacy vulnerabilities in web-browsing software.
The Journal then had an independent consultant test out the programme on an Android device and its use of location data.
It worked. Google declined to comment to the Wall Street Journal on its revelations.
Secret surveillance: The map shows the locations and phone use of a journey taken by the researchers who discovered the capability on the device
Now watch the video of the trip from Washington D.C. to New York
Washington DC to New York from Alasdair Allan on Vimeo.
The news that both Google and Apple have these capabilities is a worry, especially after the Journal's findings last year that some of the most popular smartphone apps use location data and other personal information aggressively - in some! cases s haring it with third-party companies without the user's consent or knowledge, the paper found.
Representative Edward Markey and Senator Al Franken have both expressed concern about the way Apple may use its location data.
Their anger was prompted by a report from researchers Alasdair Allan, research fellow at University of Exeter in the UK and Pete Warden, the founder of Data Science Toolkit.
Both Google, led by Chairman and CEO, Eric Schmidt, right, and Apple, led by CEO Steve Jobs, left, have admitted they use location data for Wi-Fi databases
Anger: Senator Al Franken, left and Representative Edward Mar! key, rig ht,have both expressed concern about the way Apple may use its location data
A TOOL FOR THE POLICE?
The police could certainly benefit from the location data stored on the iPhone with a simple high tech device called Cellebrite UFED.
This is a box that connects to almost any personal mobile phone and downloads its entire contents, including call logs, texts, photos and web history even if it has been deleted.
Michigan State Police yesterday defended their use of the device arguing that it was an effective tool in fighting crime.
But the Michigan branch of the ACLU disagrees and fears police are using it on routine arrests and even traffic stops, according to Fox News.
Michigan State Police spokesman Tiffany Brown told FoxNews.com the devices are only used to gather evidence for serious cases such as crimes against children however.
'The (department) only uses the device if a search warrant is obtained or with consent,' Brown added.
The pair found the Apple devices save the latitude and longitude of users' locations, along with a time stamp, then copies the data to the owner's computer whenever the two are synchronised.
They were able to build an extraordinary detailed map of where they had been, but said they had no evidence the file was being transmitted to Apple.
They have since built a programme that individuals can download for free to see what location data has been stored on their own phones.
And after talking to people in the Android community Mr Warden and Dr Allan were told that Android phones had something similar to Apple, but that only a couple of weeks of rolling data was kept.
On their website the pair speculate whether Apple may have built the feature in for future developments but add: 'The fact that it's (the data) transferred across devices when you restore or migrate is evidencethe data-gathering isn't accidental.'
They! highlig ht that the location data is stored in an easily-readable form on a person's computer.
'By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements,' they write.
WHAT ABOUT BUSINESSES?
Many companies hand out business mobile phones and increasingly iPads to their colleagues.
The revelations about data storage could prove to be a headache for companies in terms of security, not to mention employees who may use the devices for business and personal use.
Michael Sutton, a security researcher with Zscaler, found that JotNot Scanner Pro, an iOS application, stores passwords for other applications unprotected in the iTunes backup database.
In a blog post, Sutton said: 'Unfortunately, the authentication credentials stored for Evernote, Google Docs, Apple's iDisk and any WebDav enabled server are stored in plain text.
'Therefore, anyone that gained access to this backup file, would then have your username/password for these services.'
Other mobile phone providers collect similar data but it's kept securely behind their firewall, they write.
This data ordinarily requires a court order to gain access to it, whereas the data from Apple devices is there for anyone who uses that person's phone or computer to see, they add.
Senator Al Franken said the issue raises 'serious privacy concerns,' especially for children using the devices.
Hesaid: 'Anyone who gains access to this single file could likely determine the location of a user's home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips hehas taken over the past months or even a year.'
Representative Edward Markey questioned whether the practice may be illegal under a federal law governing the use of location informationfor commercial purposes and said consum! ers were n't properly informed.
Hesaid: 'Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn't become an iTrack.
'Collecting,storing and disclosing a consumer's location for commercial purposes without their express permission is unacceptable and would violate current law.'
Mr Markey, who is the co-chair of the House Bipartisan Privacy Caucus, sent a letter to Apple CEO Steve Jobs on Thursday in response to the research.
Specifically, Markey wants to know if Apple developed the feature intentionally to keep a log of users' whereabouts. And if it did mean tocollect this information, what did it intend to do with it? He also wants to know if Apple has notified consumers that this information is being collected.
He said he's seeking answers to his questions by May 12.
Apple said it 'intermittently' collects location data, including GPS coordinates, of many iPhone users and nearby Wi-Fi networks and sends that data to itself every 12 hours, according to aletter the company sent to Mr Markey and Representative for Texas, Joe Barton, last year.
Comments