Google’s Android location tracking more invasive than iPhone’s tracker

April 25th, 2011

Do you completely trust Apple and Google to use location-tracking data they continually collect strictly in  desirable ways?

If not, are you willing to disable GPS and Wireless on your iPhone or Android phone?

At the moment, those are two central questions spinning out of the revelations last week that Apple iPhones and Google Android phones keep precise track of each user’s whereabouts every day.

Sen. Al Franken, D-Minn., and Rep. Edward Markey, D-Mass., sent separate letters late last week to Apple CEO Steve Jobs asking him to supply details about how and why iPhones and iPads compile and store detailed time-stamped logs of each user’s location.

Markey

And Markey on Saturday called for a formal congressional investigation of both Apple and Google. “Unprotected personal location information could be a treasure trove for troublemakers,” says Markey. “Predators shouldn’t be able to hack into an iPhone or Android to find out for themselves, with devastating consequences for families.”

The letters to Jobs came after two British researchers, Alasdair Allan and Pete Warden, revealed their discovery of a location-logging mechanism quietly introduced by Apple for iPhones and iPads in early- to mid-2010.

Kamkar and Google car

On Friday, Google came under scrutiny. The Guardian disclosed the existence of a similar location-logging feature on Android phones, a discovery made by a Swiss researcher, Magnus Eriksson; and the Wall Street Journal verified evidence gathered by Los Angeles-based researcher Samy Kamkar, showing how most Android phones worldwide have been actively sending GPS location coordinates, as well as the coordinates of any nearby WiFi networks, back to Google for at least the past six months.

Apple did not respond to interview requests. Google’s senior manager of public affairs, Chris Gaither, said the company is not doing interviews. Instead, the search giant issued a brief statement confirming that location data, indeed,  is being transmitted back to Google servers but asserting that it refrains from tracing such data to specific individuals. Here is the full text of Google’s statement:

All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices. Any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user.

The tech and privacy communities are abuzz with discussions. One big risk for Apple patrons is if your iPhone or iPad is lost or stolen, says IDC applications development analyst Al Hilwa. “It makes it super easy to come up with schemes to spy on users, such as people spying on spouses or bosses spying on employees,” says Hilwa.

Wang

Meanwhile, Google’s confirmation that it has been actively collecting individuals’ location data is even more troubling to some experts, Dr. Chenxi Wang, security and risk analyst at Forrester Research, for one.  ” To me, this is even more serious than the iPhone location logging findings on April 21st, because there is no evidence yet that Apple is actively tapping into that location file saved on the phone.”

Wang says Apple’s location logging signifies “potential for misuse, should Apple decides to transmit this data to an Apple server, for instance.” By contrast,  Google is already actively collecting this information – transmitting the information intermittently to Google, with unique IDs that tie the location information to a specific phone, she says.

Location services all the rage

Apple and Google are in an intense competition to dominate one of tech’s hottest new sectors: services pivoting around knowing the precise location of the consumer. Geo-location apps — like Foursquare Gowalla, Brightkite, Loopt and Where.com –  were all the rage at the recent South By Southwest Interactive conference in Austin.

Revenue derived from so-called location-based services are expected to swell to $8.3 billion by 2014, up from $2.6 billion in 2010, according to tech industry research firm, Gartner.

Allan, the British researcher, last week stumbled upon a file stored on the hard drive of his MacBook laptop containing 29,000 time-stamped locations—a log of everywhere he had traveled in the previous 300 days. The file originated on his iPhone and was automatically copied to his laptop when he synced the two devices.

Warden

Alan’s research partner, Warden, created a software application that plots the time-stamped location data on an interactive map. The application is simple to download and free to use by any Mac owner.

Warden is working on a version for people who sync iPhones to Windows PCs. “We don’t know exactly what triggers the logging,” says Warden. “We see logging happening with intervals as frequent as every couple of minutes to much longer, and we don’t know what the pattern is.”

It is not clear whether Apple intends to somehow make this data available to location-based marketeers. Location data is being increasingly used to personalize online ads, to help parents keep track of their teens, and to help prevent mobile payment scams, says Forrester’s Wang.

“None of these scenarios justify storing a year’s worth of location data,” says Wang. “It continues to surprise me how companies always elect the privacy-invasive features as default.”

They know where you live

Kamkar, the Los Angeles researcher, says he has discovered that all recently purchased Android phones are set up to continually report specific GPS coordinates as well as the coordinates of WiFi networks in nearby homes and businesses back to Google.

He says Google can correlate timing and frequency of phone usage to pinpoint an Android owner’s home address. “If your phone is at the same location during night hours, they know where you live,” says Kamkar. “If your phone location is on the move, they can guess that you’re in a car and even calculate how fast your car is moving.”

Kamkar says Android handsets also continually track coordinates of any nearby WiFi systems, even those that are encrypted. “If you have an Android phone, Google knows where you are,” says Kamkar. “Even if you don’t own an Android phone, but your neighbor does, Google can triangulate who you are by tracking your wireless network.”

The only way to disable such tracking by your Android phone is to disable the GPS and Wireless functions, he says.

But most people, especially those under 30, aren’t apt to disable cutting-edge features, says Fran Maier, president of TRUSTe, which certifies website privacy programs.

Maier

On Wednesday , TRUSTe plans to release survey results showing 44% of 18- to 20-year-olds say they feel secure and in control when using their mobile devices. “Privacy is a big deal now, even among younger people,” says Maier. “But they believe they’re smarter and more adept at managing their information than older people.”

Even so, Sen. Franken notes in his letter to Jobs that “there are numerous ways” location data “can be abused by criminals and bad actors.” And Rep. Markey asks Jobs if he is concerned about how the “wide array of precise location data logged by these devices can be used to track minors, exposing them to potential harm.”

Tech analysts and privacy experts say Google is likely to face similar questions.

“There appears to be this enormous industry operating behind closed doors with business models premised on the collection of massive amounts of detailed information,” says Hilwa. “Only governmental regulatory bodies can inject sanity back into this state of affairs.”

By Byron Acohido