Google Play obsessed with tracking Android users’ every move

There is a fix, but your phone might not work afterwards.

David bisson
David Bisson
@

Google maps surveillance

Google Play has a keen interest in tracking Android users as they go about their day, and there’s little that can be done to stop it.

Security researcher Mustafa Al-Bassam found that out the hard way.

Mcdonald'sUpon entering a McDonald’s, the researcher “almost had a heart attack” when his Android phone prompted him to download the fast-food chain’s mobile app.

Sign up to our free newsletter.
Security news, advice, and tips.

Al-Bassam checked his phone and discovered that with his operating system, which is running one of the newer Android builds, it’s almost impossible to prevent Google Maps from collecting your location.

Fine. He decided to uninstall Google Maps. But that’s when he came across the larger issue threatening Android users’ privacy:

Let that sink in for a second.

Google Play services is capable of constantly tracking Android users’ movements because it uses features like Nearby to create “location awareness.”

As Google explains in a blog post:

“One of the unique features of mobile applications is location awareness. Mobile users take their devices with them everywhere, and adding location awareness to your app offers users a more contextual experience. The location APIs available in Google Play services facilitate adding location awareness to your app with automated location tracking, geofencing, and activity recognition.”

In other words, Google Play’s APIs are responsible for this continuous tracking, not Android’s location APIs.

That means if a mobile user with one of the newest Android builds tries to switch off location for Google Play (via Apps > Google Play Store > Permissions), they’ll get a pop-up window warning them that turning location off for Google Play will disable that feature on every single app installed on their device.

Okay… so what if you uninstall Google Play and/or Google Maps?

Well, it depends on what you have installed on your phone. You won’t be tracked, but you’ll have to manually update each of your apps, some of which might not even work anymore without an active installation of Google Play services.

Wont run without google play

Damned if you do. Damned if you don’t.

So what’s the best course of action here?

You can either risk it and uninstall Google Play and Google Maps, or several times throughout the day, you can live with turning off location to Google Play Services and all of the apps installed on your phone.

Neither choice is all that appealing, but if you go with the second option, at least you can curse out Google multiple times a day for the continued inconvenience and for mishandling your privacy.

That or switch to an iPhone. Now.

Update: As The Register reports, Google has acknowledged that the behaviour is a bug rather than a feature:

“We identified a bug affecting a small number of users in a recent release of the Google Play. For users in the error state, the Google Play app was unable to obtain GPS, causing it to make frequent unsuccessful requests and use battery. We will be rolling out a fix in the next few days.”

In addition, a Google spokesperson has sent us the following statement:

“We’ve long provided users with tools to control how their location information is shared with Google and other apps or services on their Android devices. Android users can choose to switch their device’s Location off at any time via the Android settings menu. Beginning with Android 6.0, we also provide users with the ability to disable a specific application’s permission to obtain location, including Google Maps and Google Play (see article for more).”


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

7 comments on “Google Play obsessed with tracking Android users’ every move”

  1. Alan

    Lets not kid ourselves go buy Apple really. They are just as bad they collect the same kind of data they just don't advertise it. They have many many security wholes they just threaten to sue people if they want to advertise them

    They are better at letting you turn stuff off but if you do you lose a lot functionality of just as many apps as you do in Android. And it's not unusual for the functionality to get turned back on after an update. The 2 major players are just as bad as each other. Its not useful to go scaremongering about one provider over the other. It's far better as so called IT professionals that we educate people in non technical terms so that they can make a considered decision on their privacy. Something this blog is generally really good at.

    1. David L · in reply to Alan

      Well said Alan,

      ZDNET is real good at telling iPhone users to turn off the privacy settings that concern them. Apple was collecting location history, and buried the setting to turn it off. This was just after 9.x I believe. Now, I can attest to some new anomalies on marshmallow. I have been using Uber, and when I requested a car for my return trip from the store, I got a full screen pop-up ad for the very store I was standing in front of. I know for a fact I have Google's contextual awareness turned off, but I did need location for obvious reasons. But, I suspect the ad was generated thru the Uber app, generously supplied by "Google". I just wish I had taken a screenshot ) – :

  2. Usamare

    It's kind of funny that I was thinking the exact opposite just today. Google should know I don't go to fast food joints very often and throw me a bone by offering up what's good, or the least bad. THAT would be a technological breakthrough.

  3. Bob

    Google say that the excessive tracking is actually a bug.

    http://www.theregister.co.uk/2016/09/15/google_confirms_play_store_gps_data_grab_as_a_bug_not_a_feature/

  4. Ash

    If you're paranoid, can't you just turn off GPS and Wifi on your phone, and only turn them on when you need them? Is there any other way to track you? (I guess there's the connection to cell towers, but it's not very accurate, and there's no way to know that you stepped into a McDonald's.)

    As an added benefit, you'll get longer battery life as well.

  5. D. Maddox

    that is an outright lie. I've watched google play services for years run multiple persistent background services related to location. It doesn't matter what your android settings say. Your phone is on a constant war driving mission for google and its network location mapping project. they'll never stop and they aren't concerned about your opinion on the matter. as you can clearly see in these screenshots, my location is off yet the services still run. This has been the same for years and across many devices. https://imgur.com/a/NCLA0

  6. David L

    After reading the article again, and further research, I discovered a new network analysis app by a group of privacy concerned researchers. Mainly, the focus is on tracking leaks. Just started it up, but looks very promising. Here is the playstore link:
    https://play.google.com/store/apps/details?id=edu.berkeley.icsi.haystack

    And you can find their research paper online, from May of 2017 also, they are involved in Panopticon for other platforms.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.