A new report shows that Android users’ location data was being accessed and collected by Google even when the user had location services turned off. The report, created by Quartz, states Android phones collected cell tower address information based on the location of the device and relayed those details to Google, a potential invasion of privacy.
As reported by Fox News, Google confirmed the data collection method was in use, according to the Quartz report, but claims they are ending the practice at the end of the month.
“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery,” said a Google spokesperson. “However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”
Google has not disclosed how the location-oriented data was used to “improve the speed and performance of message delivery.”
“This apparent disregard for users’ data privacy needs to end, Said Mike Kail, the CTO and Cofounder of CYBRIC, a security company, in an email. “Perhaps it is time for the US to consider regulations similar to the forthcoming GDPR in the EU to institute greater transparency around the collection of personal data, including location, and providing a mechanism for users to have greater control over what data gets stored and where.”
A substantial portion of Google’s business is based on advertising, a practice where location data is particularly valuable. Parent company Alphabet said it generated $27.7 billion in revenue in its most recent quarter, $24 billion of which was from advertising.
GIPEC-Cyber Intelligence Company’s Eric Feinberg considers the practice of collecting location data unbeknownst to users a huge risk, especially for individuals who are trying to keep their whereabouts private for a reason.
“I think it has the possibility of putting people at risk, especially users in the military and government jobs that… may not want their locations disclosed due to the sensitivity of these jobs,” said Feinberg.
As of September 2017, there were approximately 215,000 cell towers in the US, with an average maximum range of 22 miles. However, when multiple towers are accessed, a user’s location could potentially be pinpointed down to a quarter-mile or smaller, especially in large cities where cell towers are plentiful.
Based on the Quartz report, the practice of collecting the location data wasn’t limited to a particular Android device and, even after a factory reset and location services being disabled, the location information was still being sent to Google.