Google Play has a keen interest in tracking Android users as they go about their day, and there’s little that can be done to stop it.
Security researcher Mustafa Al-Bassam found that out the hard way.
Upon entering a McDonald’s, the researcher “almost had a heart attack” when his Android phone prompted him to download the fast-food chain’s mobile app.
Al-Bassam checked his phone and discovered that with his operating system, which is running one of the newer Android builds, it’s almost impossible to prevent Google Maps from collecting your location.
Fine. He decided to uninstall Google Maps. But that’s when he came across the larger issue threatening Android users’ privacy:
Even if you uninstall Google Maps, Google Play's background service is tracking your location 24/7. pic.twitter.com/j8lPJtnyu9
— Mustafa Al-Bassam (@musalbas) September 12, 2016
Let that sink in for a second.
Google Play services is capable of constantly tracking Android users’ movements because it uses features like Nearby to create “location awareness.”
As Google explains in a blog post:
“One of the unique features of mobile applications is location awareness. Mobile users take their devices with them everywhere, and adding location awareness to your app offers users a more contextual experience. The location APIs available in Google Play services facilitate adding location awareness to your app with automated location tracking, geofencing, and activity recognition.”
In other words, Google Play’s APIs are responsible for this continuous tracking, not Android’s location APIs.
That means if a mobile user with one of the newest Android builds tries to switch off location for Google Play (via Apps > Google Play Store > Permissions), they’ll get a pop-up window warning them that turning location off for Google Play will disable that feature on every single app installed on their device.
Okay… so what if you uninstall Google Play and/or Google Maps?
Well, it depends on what you have installed on your phone. You won’t be tracked, but you’ll have to manually update each of your apps, some of which might not even work anymore without an active installation of Google Play services.
Damned if you do. Damned if you don’t.
So what’s the best course of action here?
You can either risk it and uninstall Google Play and Google Maps, or several times throughout the day, you can live with turning off location to Google Play Services and all of the apps installed on your phone.
Neither choice is all that appealing, but if you go with the second option, at least you can curse out Google multiple times a day for the continued inconvenience and for mishandling your privacy.
That or switch to an iPhone. Now.
Update: As The Register reports, Google has acknowledged that the behaviour is a bug rather than a feature:
“We identified a bug affecting a small number of users in a recent release of the Google Play. For users in the error state, the Google Play app was unable to obtain GPS, causing it to make frequent unsuccessful requests and use battery. We will be rolling out a fix in the next few days.”
In addition, a Google spokesperson has sent us the following statement:
“We’ve long provided users with tools to control how their location information is shared with Google and other apps or services on their Android devices. Android users can choose to switch their device’s Location off at any time via the Android settings menu. Beginning with Android 6.0, we also provide users with the ability to disable a specific application’s permission to obtain location, including Google Maps and Google Play (see article for more).”
Lets not kid ourselves go buy Apple really. They are just as bad they collect the same kind of data they just don't advertise it. They have many many security wholes they just threaten to sue people if they want to advertise them
They are better at letting you turn stuff off but if you do you lose a lot functionality of just as many apps as you do in Android. And it's not unusual for the functionality to get turned back on after an update. The 2 major players are just as bad as each other. Its not useful to go scaremongering about one provider over the other. It's far better as so called IT professionals that we educate people in non technical terms so that they can make a considered decision on their privacy. Something this blog is generally really good at.
Well said Alan,
ZDNET is real good at telling iPhone users to turn off the privacy settings that concern them. Apple was collecting location history, and buried the setting to turn it off. This was just after 9.x I believe. Now, I can attest to some new anomalies on marshmallow. I have been using Uber, and when I requested a car for my return trip from the store, I got a full screen pop-up ad for the very store I was standing in front of. I know for a fact I have Google's contextual awareness turned off, but I did need location for obvious reasons. But, I suspect the ad was generated thru the Uber app, generously supplied by "Google". I just wish I had taken a screenshot ) – :
It's kind of funny that I was thinking the exact opposite just today. Google should know I don't go to fast food joints very often and throw me a bone by offering up what's good, or the least bad. THAT would be a technological breakthrough.
Google say that the excessive tracking is actually a bug.
http://www.theregister.co.uk/2016/09/15/google_confirms_play_store_gps_data_grab_as_a_bug_not_a_feature/
If you're paranoid, can't you just turn off GPS and Wifi on your phone, and only turn them on when you need them? Is there any other way to track you? (I guess there's the connection to cell towers, but it's not very accurate, and there's no way to know that you stepped into a McDonald's.)
As an added benefit, you'll get longer battery life as well.
that is an outright lie. I've watched google play services for years run multiple persistent background services related to location. It doesn't matter what your android settings say. Your phone is on a constant war driving mission for google and its network location mapping project. they'll never stop and they aren't concerned about your opinion on the matter. as you can clearly see in these screenshots, my location is off yet the services still run. This has been the same for years and across many devices. https://imgur.com/a/NCLA0
After reading the article again, and further research, I discovered a new network analysis app by a group of privacy concerned researchers. Mainly, the focus is on tracking leaks. Just started it up, but looks very promising. Here is the playstore link:
https://play.google.com/store/apps/details?id=edu.berkeley.icsi.haystack
And you can find their research paper online, from May of 2017 also, they are involved in Panopticon for other platforms.