The Electronic Frontier Foundation (EFF) has unearthed an alarmingly violating problem with the latest Android Phones (3.1 and above).
Users choose to share their locations via Facebook, Twitter and other networks frequently but their android phones’ releasing that information without their permission is considered to be a serious violation of privacy indeed.
EFF found that information about the location of users are released when the Android device is in Preferred Network Offload (PNO) mode. It broadcasts the Wi-Fi networks the device was recently/is currently connected to and makes it possible for anyone with the know-how to find out the exact location of the device based on that information. This is a serious threat to the security of android users.
The PNO feature, introduced in the Android Honeycomb (3.1) was designed to help extend battery life by giving Wi-Fi priority over cellular data by searching for and connecting to Wi-Fi networks while a device’s display is off. As Wi-Fi connections use less power than a regular cellular date connection this seemed to serve the purpose. However, the sort of leakage caused by this feature is probably not worth the risk.
Google upon being made aware of the issue released the following statement:
“We take the security of our users’ location data very seriously and we’re always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release.”
The problem is yet to be solved. For people looking to subvert the leaks, the EFF recommends the following method:
“Go into your phone’s “Advanced Wi-Fi” settings and set the “Keep Wi-Fi on during sleep” option to “Never”.”
Unfortunately, this will lead to a rise in power consumption and cost (due to increased date usage).
Information related to location released for everyone to track is of a very sensitive nature. At this point, it is necessary for Google to come up with a quick and easy solution to this problem.
This article first appeared on Electronic Frontier Foundation and is republished here under Creative Commons license.