We may earn commissions when you buy from links on our site. Why you can trust us.

Android Phones Also Storing Location Data

by Josh Kirschner on April 21, 2011

This week, news broke that the iPhones and iPads running iOS 4 were storing detailed location information for the device going back a year or more. The privacy implications were made all the more serious by the revelation that the data was stored in an unencrypted file that anyone with access to the phone could download. And if you sync your phone to a PC, the file would be accessible there as well.

Many people wrote in to ask us if this is an issue for Android phones, as well. It turns out it is. A Swedish researcher, Magnus Eriksson, found that Android phones store location data in much the same way as iPhones do, but for a much shorter period of time. Typically, the cell tower data are limited to around 50 records going back 12 hours (Wi-Fi location records are limited to 200 going back 48 hours). And, the data are more difficult to access than on the iPhone and not backed up to your computer. So the privacy implications are much less than with the iPhone.

But, the story doesn't stop there. According to the Wall Street Journal, it turns out that both Android and iOS phones are continuously transmitting your location data to Google and Apple, respectively. In the case of Android your phone's unique identifier is included in the data sent. It's not yet clear whether that is true for Apple as well.

From a personal privacy perspective, I am more concerned about the data stored on my phone than what is sent to Google or Apple. In terms of truly malicious or detrimental activity, I see more situations where this could occur from someone finding a lost phone or accessing your computer to download your location history than from Apple or Google's tracking. But both situations are troubling.

Fortunately, the recent brouhaha is causing congress to get involved. Both Senator Al Franken and Representative Edward Markey have sent letters to Apple requesting more information on the matter. We'll see where it goes from here.

Topics

Phones and Mobile, News, Cell Phones, Home Safety & Security, Blog

Discussion

From David on April 22, 2011 :: 2:57 pm

I find it amazing that this is just now coming out to the public. What did you people think they were doing with all these “smart” phones? They want to track where you are, what you do, where you spend your money. I hardly believe that the government didn’t know about this, what a laugh. They have had a difficult time convincing people to submit to being implanted with a RFID chip, so the next best thing is to make the phones so enticing that everyone will come to depend on them and take them wherever they go and track them that way. I will never voluntarily have a “smart phone”.

From Mike on April 22, 2011 :: 6:48 pm

You might want to check here: http://pogue.blogs.nytimes.com/2011/04/21/your-iphone-is-tracking-you-so-what/ to get a better appreciation for what is going on.

Then check here: http://www.digitalninjastl.com/blog/2011/04/20/your-smartphone-is-tracking-you-and-you-said-it-was-okay/ for excerpts of end user license agreements for all major smart phone platforms. All the platforms do the same, or similar, things to what Apple does. Except, in most cases, nearly all the other smart phones transmit your data back to a server - the iPhone does not share your location data.

If you don’t want to be tracked:

Turn off location services, (that’s what Apple calls it, I don’t know other platforms call it).

Turn off your phone when you are not using it.

Take the battery out of your phone, (the only ‘surefire’ way to make sure you aren’t being tracked. Some phones still track, even after they are turned off).

Don’t carry/own a cell phone or a 3G enabled device.

Don’t carry a device containing a GPS chip.

Consumers demand a large variety of location based services from their GPS enabled smart phones. It is impractical to expect your phone would be able to provide location based services, unless it knows where it is.

Real time tracking of any cell phone - stupid or smart - has been a reality for years. In some jurisdictions, the courts don’t even think the cops need a search want to obtain the data from your cell provider. If you leave your cell phone turned on, you can be tracked from tower to tower. That’s been a fact of life for years.

In this instance, there is more going on than meets the eye. If the ‘security’ people who did this found this kind of information - which we know is there, they just had to look for it - in a HTC, BlackBerry or Android phone, it wouldn’t have been news. But, Apple? You get a great deal more publicity when you hack an Apple product, because they are set apart from and dominate the rest of the cell phone market.

From Josh Kirschner on April 24, 2011 :: 2:22 pm

There are some fundamental differences in what is happening on the iPhone vs Android (at least based on what we know now). Only the iPhone is storing a significant amount of location history data on the phone and syncing it with your PC. There is no evidence that this data is being transmitted to Apple, though it could be. Android phones are transmitting this data to Google.

Which concerns you more depends on your general feeling about privacy as well as your personal need for privacy. As Pouge points out, if you have nothing to hide, you probably don’t need to be concerned about the Apple data. But if you do, from a spouse or employer, the Apple data is a big risk.

Apple has made security and privacy a cornerstone of their marketing efforts for years, more than happy to talk up the failings of Microsoft and Android. So it should be no surprise that they’re getting extra heat on this issue.

From Mike on April 22, 2011 :: 7:03 pm

If you don’t want the data stored in your phone to be accessible to anyone, password protect your phone.

If you are concerned about people accessing the data that your phone sends to your computer when you sync, encrypt your backups. Use a 128 bit public key encryption system and you are protected from just about everything but a brute force attack by a couple of Cray supercomuters running in parallel hacking away at your data for a year or so. [In other words, the only people who could possibly break 128 bit encryption is the NSA, so you probably shouldn’t get the NSA angry at you. LOL)

Version 4.2 of iOS allows you to lock your phone and/or erase the contents of the phone remotely, so the person who steals it can’t access your data. iOS couldn’t do that, unless it knew where your phone was.

From Mike on April 25, 2011 :: 10:42 pm

I don’t know if this is the place for philosophical discussions, so I will just leave a link and anyone can read it at their leisure.

Here’s an article about why, “even if you have nothing to hide,’ you should jealously guard your privacy and demand that your constitutional right to privacy be respected at all times:

http://www.computerweekly.com/blogs/the-data-trust-blog/2009/02/debunking-a-myth-if-you-have-n.html

Apple’s aggregation of X+1 amount of data that is not transmitted to any server bothers me a great deal less than Android’s aggregation of X-1 amount of data that is sent off to a server to be read at the leisure of some obscure data mining software that will do who knows what with the data.

I can control the data on my iMac behind my firewall, pretty much without exception. That’s where the data from the iPhone ends up. A search warrant would be required to gain access to it. The law on this is in a state of flux, but it seems to be coming down that one cannot be compelled to reveal their password as it could be used against them and is testimonial in nature.

In other words, to get past the log on password and the 256bit public key encryption on someone’s hard drive, the government better have a couple of Cray supercomputers warmed up to break the encryption. [someone besides the government might want to get past the security on an encrypted system, but - unless you’re Bill Gates or Rupurt Murdoch - the cost of breaking the encryption - assuming it could be broken - would outweigh the value of any of the encrypted data.]

All any government agent or half-way smart hacker has to do ito gain access to whomever is holding the Android data is walk in with a search warrant-and, in certain jurisdictions a search warrant isn’t even needed - or use some basic social engineering to trick their way into the system.

The researchers that found this ‘problem’ were interested in making headlines. They didn’t go after one of the several hundred different incarnations of phones running the Android OS, because no one Android phone represents as big a target as Apple. They wouldn’t have gotten much attention if they had hacked the Android phone they give you for free at Best Buy when you sign up for a 2 year service plan. No one would have cared.

They weren’t even that cleaver. All they needed to do was to read Apple’s EULA and then go looking for the data that facilitates Apple’s use of location services.

I don’t think Apple, Android, RIM, HTC, etc really thought what they consider a ‘feature’ that is plainly described in the EULA would be of interest to anyone - since, ostensibly, everyone who owns one of their phones knows about it.

If this concerns one, at all, then they are really going to freak out when they realize that all that data they are uploading into the ‘cloud’ cannot be controlled by them. And that a simple server malfunction can bring it crashing down - like Amazon’s problem just did.

Interesting times we live in, no?