
Oracle tipped off the world ...
... to something that every single Android user that has rooted their phone already knew.
Google's new corporate slogan: we don't need a drone to track you.
Having evidently forgotten about that Street View Wi-Fi-harvesting debacle, Google has admitted constantly collecting the whereabouts of Android devices regardless of whether or not they have location tracking enabled. Between 2007 and 2010, during the debut of its Street View service, Google gathered all the Wi-Fi network …
While we're bashing Google for this it's worth noting that every cell phone company knows when a phone is connected to a mast and which mast it's connected to - thus your location after two or three connect cycles.
Pissed off that Google is doing this? Think about AT&T, Verizon, T-Mobile, Sprint, EE ... they all do it. They know who you are because they have your IMEI number which connects to your account and thus your identity.
> Pissed off that Google is doing this? Think about AT&T, Verizon, T-Mobile, Sprint, EE ... they all do it.
That's completely different.. As part of the service they are delivering to you - they automatically must know where you are, in order for it to work. Which is all fine and dandy. It's in their terms of service smallprint somewhere, and it's unavoidable. Although obviously they could delete all records of your previous movements, except I think they're regulated by government and required to maintain that data for a certain period.
Google similarly do this with location services. They use your permission to turn that on as an excuse to harvest all sorts of your personal data. Except they don't do this as a necessary part of the service, but in order to increase their profit margins. And to be fair, to improve the service, though there are ways of doing that which would cost money that they get to avoid by harvesting your data. So if you use satnav, Google are able to add your speed of movement and location to their data - and do traffic mapping, without paying for roadside sensor data. They also maintain their almost global map of WiFi hotspots by getting your phone to report where you've been and what hotspots it saw. Keeps their database up-to-date to improve satnav speed, almost for free. Also means they have data on exactly where you've been.
All of those services were on if you enabled location services. Which you couldn't use maps without, and there was no way of opting out of giving that free data to Google without accepting their terms. Maybe recent updates to Android have improved this? But I doubt it.
Still, even that is fine. If you care, you know what you're getting. You can avoid Droids, or turn location services off except when you need mapping - and it's all in the privacy smallprint somewhere.
This, on the other hand, isn't covered by the privacy policy or part of the workings of the service, and so is illegal, as it's in breach of data-protection laws.
"All of those services were on if you enabled location services. Which you couldn't use maps without"
It's perfectly possible to use Maps without location services. I do it all the time. Maps prompts me to turn it on, and I say No, Thank You.
Of course if I want Maps to pinpoint my current location then I have to enable location services, but that's obvious.
David Nash,
The phone has a fucking satellite receiver. It can easily pinpoint its location without sending all your data to Google. The only reason it doesn't is that Google wrote the software, to force you to make that choice.
There should be no choice. Satnav data should always be available in maps - location services only needs to be optionally available in order to stop apps (and Google) from slurping your data.
That's why Google make only about 5% of their revenue from Android and almost all of their money from selling adverts and your data.
I ain't Spartacus: There should be no choice. Satnav data should always be available in maps - location services only needs to be optionally available in order to stop apps (and Google) from slurping your data.
I agree. I was just responding to the suggestion that you need location services enabled to use Maps.
Unfortunately Google have not given us the option.
Actually I don't know whether it's possible for an app to get GPS location data without turning on Google Location Services. I get the impression it's one switch, all or nothing, but I haven't considered it before.
David Nash,
> I was just responding to the suggestion that you need location services enabled to use Maps.
You do. To use it properly. Google Maps isn't just any application. It's one of the core components of the software. You don't have to give dialler access permission to the phone app, because Google don't have any other permissions hooked into that - so why's it different with maps?
There's only one reason why Google have crippled the maps app, unless you turn on location services. It's because by doing that, you have to agree to let Google slurp your data - and Google really, really, really want to slurp your data.
You can still turn location services on, and disallow access to other apps, but once on, Google get what they really want. To use your phone as a data logger in their global network.
Partly this is to track you personally, for advertising. And partly it's to improve the overall quality of Android and Google's services, with stuff like accurate traffic flow info, keeping the WiFi database up-to-date for faster aGPS and whatever other clever stuff their engineers can come up with.
So it's not all about Google evilly cackling away in their bond-villain lair. But I think they've gone too far by linking a global online advertising and data monopoly with a smartphone monopoly. They've earned both those monopolies by being better, in important ways, but the downside of being a monopoly is that society gets to decide what you're allowed to do with it. And I think Google need bringing down a peg or two. The kind of arrogance and disregard of both the law, and their users' reasonable privacy expectations, shows that they need a good regulatory kicking.
@I ain't Spartacus
Well 90% of the time that I "use maps" I have location turned off. That's because I normally use it to find a place, look at roads, or a route. You only need location turned on if you want it to show you where you are, or use it as sat nav. Since I normally know where I am and normally use my car's sat nav, I don't need Maps to do so.
So you don't need location turned on to "use Maps properly"...unless you have defined "properly" to mean "with location turned on".
I'm happy to accept that for some users, they need Maps to tell them where they are and hence would have to turn on location services.
And if Google wasn't able to make money off Android indirectly, they would charge for it, OEMs wouldn't use it, every OEM would have their own platform, and apps would be impossible to write for a reasonable number of phones.
I believe we all benefit this way.
@I ain't Spartacus
"...almost all of their money from selling adverts and your data"
Selling Adverts: Tick
Selling your data: ?
That's quite a bold claim, I have never heard of Google selling your data, I could be wrong but I've also never heard it reported or seen it offered for sale. Is there any evidence for this, as it would also seem a poor business model when they can make more money by specifically not selling it.
> The fact that they get data to improve their service for free isn't fair to complain about. After all you are using their services for free, and if it wasn't a win - win situation neither you nor they would do it.
I am going to come to your house every weekend, cut the grass and make a barbecue on your garden with all my friends. I get to enjoy the party, you get a tidy lawn. It's a win-win situation.
Oh, so you did not actually want me to cut your grass?
> Pissed off that Google is doing this? Think about AT&T, Verizon, T-Mobile, Sprint, EE ... they all do it.
But they don't know as much about me as Google does.
That's the problem with the Big G: once it slurps up everything in your life, it becomes a very powerful target. Not for hackers or crackers but for governments around the world.
There's a reason Apple anonymizes as much data as possible they get from their users - they know governments are greedy.
And before everyone chimes in with: "It's all according to the law...etc.bla.bla". Yes, it is, sort of. In Europe. But what if you travel to Turkey and the government there wants to know your search-history?
And maybe you sat next to some guy in the metro they don't like?
And maybe you have a friend that happens to be a Kurd? That could get very interesting.
Please elaborate - how does rooting your phone automatically tip you off about continuing surveillance? Is there any actual root user who goes and blacklists system services (just for the heck of it presumably, unless you don't actually need your phone to, you know, actually work) or is the presumption that all root users are watching wireshark at all times?
> Is there any actual root user who goes and blacklists system services (just for the heck of it presumably, unless you don't actually need your phone to, you know, actually work) or is the presumption that all root users are watching wireshark at all times?
I'm sorry to hear you bricked your phone. Daddy said you shouldn't play with it like a toy, and now it's borken. Maybe you can ask Mommy and see if she can get you a new phone for Xmas.
Can you run wireshark or nmap and get the info you want without root privileges?
Do you know why one needs root privileges for nmap or wireshark?
Yes, some system services can be safely blacklisted. You have to know which ones.
Do you know how to freeze a system service in Android?
One can't stop Google's continuous tracking. And I never claimed one could.
Thanks for commenting.
> Is there any actual root user who goes and blacklists system services
Yes. Typically you would remove (and I mean actually remove, not just disable) any "services" you do not want, including all the spyware installed by Google, the phone's manufacturer, the chipset manufacturer, and possibly the manufacturers of various other components inside the phone, then you would remove all so-called "Google applications" (GApps), and then you set up a firewall to stop all those other services that are actually needed for the phone to work from sending data anywhere. This may involve replacing things like the messaging application or the dialler with third party alternatives.
It is of course a major faff but I personally resent being part of a surveillance society that makes the KGB and the Stasi look like rank amateurs and North Korea a beacon of freedom.
"Google claims the collection is part of an experiment to optimize the routing of messages through mobile networks."
Which is none of Google's business, much less something Google has any control over. Routing between phones is controlled by the carriers except if an app is required to route everything through a server designated by the app writer. We call that "spying".
Or set your phone to require your active permission to connect to wifi. Mine beeps at me when I visit our sainsbury's in a way that sounds like a message asking to connect to a wifi. I ignore it. Though it only happens when I'm in the further half of the store, away from the doors.
So no wifi for me if I've popped in for a sandwich or a lottery ticket etc.
"active permission to connect to wifi"
Location services report all the Wifi APs your phone can see and GPS location if available.
The only difference actually connecting to an AP makes is without asking permission the fuckers will also use the information from your device to geo-locate the IP address of the AP.
No one in that thread provided proof.
At least read the entire thread first
<PING!>
Hi,
It looks like you're new to the internet. Don't worry, it can be daunting at first; Never fear though as help is at hand. Would like to know how to:
You can probably disable this popup in your internet settings, somehow. Try sending all you own to the next Nigerian prince who contacts you.
That depends on what data you are collecting and what processes you are using to derive useful information. All Google needs, if what the article states is true about what and why, is the cell tower location derived from that data. The rest can be shitcanned immediately unless you are retaining it for quality analyses.
Personally, using an OS provided by a company who derives revenue from any and all data collected about you to develop information to sell to a third party really shouldn't be trusted. And I say that as someone who only has Android tablets connected online.* Everything else is energy-gapped now.** Periodically I check as to what they think about my habits. They look the same as my activities everywhere else. Geek/Nerd engineer. Shocking, isn't it?
* - IOW, Google isn't my threat model, it probably is for pretty much everyone else.
** - IOW, I'm getting awfully nervous about the state of the internet and connected devices. Eat my tablets. You ain't getting my computers without some serious work. Really nervous.
is trust based not information based, which is just as good as any misleading fake news on FB. One guy reported on quartz about this but nothing for El Reg or anyone else to review or verify. Even El Reg was only able to report "Google slurped the data regardless of whether or not location services was enabled because, according to an unnamed source cited by Quartz, the data was tied to Google's Firebase Cloud Messaging service."
If it is tied to the Google Firebase Cloud Messaging services, then it's just 'possibly' part of google services for android 4.0+.
But since we don't actually know the details, everything is just a random guess. We don't know if it's really part of google services. We don't know if it's a backdoor in AOSP. We don't know if it's hardware. The Quartz report reported no real information except for just trust us.
@AC
I’m not necessarily calling bullshit - but that’s a mighty big claim and one for which you’re going to have to provide some evidence. From everything I’ve seen on iOS, if Location Tracking is off then it’s truly Off. But if you know differently I’d be very interested to learn more. Cite away…
Don't worry, that AC won't get back to you. I've noticed that when there's bad news about Android, there will always be an AC claiming "Apple does it too", without any proof of course. I guess whataboutism isn't limited to politics (or maybe for some people Apple vs. Android is political)
> But since we don't actually know the details, everything is just a random guess. We don't know if it's really part of google services. We don't know if it's a backdoor in AOSP. We don't know if it's hardware. The Quartz report reported no real information except for just trust us.
Firebase Cloud Messaging is the new name for Google Cloud Messaging. Most Android app notifications go through FCM (Android 8 tightens the noose even more with regards to Doze mode). The Play Services binary blob includes the FCM client. The FCM client uploads this stuff to Google. If you don't install gapps on a plain AOSP then notifications don't work because you simply don't have the client which talks to Google. It is known.
"But since we don't actually know the details, everything is just a random guess."
No, far from random. Set of questions:
1) Does it fit into corporate policy? (i.e. conforming it or policy rewritten to conform)
2) Is it legal? (Semi-irrelevant if #1)
3) Is there profit to be made?
When 1) and 3) are "yes", then it will happen. If not now, at some point and therefore claiming it happens, is far from random guess: It's inevitable logical conclusion and it being "unproven" is basically irrelevant.
It either is done or will be done.
And we are only using your device to build our cellphone tower map.
Citizens, we are only doing this to help you."
Like f**k.
Does the Google employees manual have a New speak dictionary included at the back?
You can bet this is going to be a battery hog.
TBF I'm sure Google take the privacy of all that data they collect on us very seriously. After all you wouldn't want the data you've worked so hard to steal to be stolen by someone else, would you?
I'm sorry, what? Your cellphone tower map is getting built based on the location of cellphone towers, based on... location of cellphone towers? Because we seem to be talking about location services (therefore GPS, presumably) being turned OFF - so how would you know where the tower you sense is...?
> how would you know where the tower you sense is
For starters, Google's Location Services isn't restricted to using GPS.
Each and every cell has a unique worldwide identifier. Each and every phone or device has a unique worldwide identifier - it's called the IMEI.
Each and every cell identifies and records the devices that connect to it, including carrier, IMEI and telephone number. Each and every cell tower also has a GPS transceiver. The phone or device will request and receive the GPS coordinates of the cell, from the cell.
Each and every cell phone/device will identify itself to each and every cell that it can establish a connection to.
If you remove the SIM card from your phone, the phone's radio will still scan for cells, and will still identify itself to the cell stations. Without a SIM, you cannot establish a connection to any carrier network, but your phone can and will be tracked and located, even without a SIM.
Given that the phone doesn't scan for one cell only, in densely populated areas with a high cell density the precise location of your device can be triangulated, within an accuracy of a few feet.
For example, my cell phone is currently chatting with 4 different cells in my neighborhood, although I have a carrier connection through only one of them.
Even though you may have disabled Google's Location Services, and even though you may have removed the SIM from the phone. You can't disable the GPS transceiver on the cell towers, and you can't prevent the radio on your device from scanning for 3G/4G signals and identifying itself to the cell(s).
In the early days of Google and Facebook the companies established an understanding with users that they gave up some of their privacy in return for services.
Since that time the ability of the companies to mine almost unbelievable levels of detail from location, association and the subject of messaging and emails, this ‘contract’ is no longer working.
Most people seem to have little understanding of the depth and breadth of what it is that these companies know about us. I often hear people say that they don’t care but are they making that judgement with any real knowledge of what is going on in these big data platforms?
If anyone has any kind of association or activity that they would rather keep private then carrying a cellphone means that Google knows. The level of sophistication is truly impressive and this report lays bare just one aspect.
Quite rightly there is a lot of focus on what governments know about us but I suspect that it pales into insignificance when compared to the big social media companies.
That seems a good point and may come afoul of data protection laws in the UK. As IIRC a business needs a reason to collect data... you are not supposed to blanket collect and data mine after (as this is considered intrusion I guess same way as the google street view wifi was) though Google no doubt can think of some use case.