BEST OF THE WEB

Android leaks Wi-Fi location data, say EFF researchers

Security pros have enough to worry about if their staff have Android devices. Here’s another: The Electronic Frontier Foundation says there’s a high risk the device is broadcasting its location history if it isn’t connected to a Wi-Fi network.

In a posting this week on its Web site,  the vulnerability sends out places you’ve connected to previously. That may not be important if it’s a coffee shop or an airport, or, it is if it’s a place you’d rather people not know about. What makes this a problem is that the locations are broadcast in plain text.

“Location history is extremely sensitive information,” write authors Peter Eckersley and Jeremy Gillula. “We urge Google to ship their fix as soon as possible, and other Android distributors to offer prompt updates containing it.”

In response Google says it is looking into the issue and may make changes in a future Android release.

Other mobile platforms also have this vulnerability, the authors say.

“In Android we traced this behavior to a feature introduced in Honeycomb (Android 3.1) called Preferred Network Offload (PNO). 3 PNO is supposed to allow phones and tablets to establish and maintain Wi-Fi connections even when they’re in low-power mode (i.e. when the screen is turned off). The goal is to extend battery life and reduce mobile data usage, since Wi-Fi uses less power than cellular data. But for some reason, even though none of the Android phones we tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about when their screens were turned off.”

The authors offer a workaround that works on some handsets: Go into Advanced Wi-Fi setting and set the Keep Wi-Fi on during sleep to “Never.” That will, however, cause a “moderate” increase in data and power consumption.

Other solutions include manually deleting the networks you don’t want to broadcast, or, to be really safe, turn Wi-Fi off when you’re not connected to a network.

 

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web