eh?
I had not realised it was standard practice to leave GPS enabled at all times, must be getting old.
Google, it seems, is very, very interested in knowing where you are at all times. Users have reported battery life issues with the latest Android build, with many pointing the finger at Google Play – Google's app store – and its persistent, almost obsessive need to check where you are. Amid complaints that Google Play is …
I leave mine running without issue. I figure anyone sad enough to want to track me constantly will get pretty bored doing so.
In some cases, having it publicly viewable is useful from two perspectives: (1) people don't have to ring me to find out how long I'll be / where I am / etc and (2) if someone accuses me of being in a place / not being in a place, I have evidence to the contrary.
That said, such material is not intended for, and not authorised for, marketing purposes.
I have other reasons for not using the Google Play store, chiefly among them being they don't accept my non-Gmail-based Google account as being valid. I use the f-droid store instead, and would recommend it as an alternative.
Were I not in excess of 3000 miles away someone knowing might not be a good idea.
I don't live in a world where I have to fear such things. So you know where I live: big deal. It's not like you're permitted to come here and burn down the house now is it? Or my workplace.
More to the point, I bet your information is about 2 days old. It might change again later this week, and the mode of transport does not matter much: a car doesn't necessarily go faster in traffic.
"That said, such material is not intended for, and not authorised for, marketing purposes."
HA! you fool! The day you accepted the Android EULA(*), you authorised Google to use that information for whatever they want.
(* Which no doubt, you were deemed to have done simply by starting up your phone)
HA! you fool! The day you accepted the Android EULA(*), you authorised Google to use that information for whatever they want.
However, they cannot send me marketing material as I do not have a Google Play account with them. So it's no different to that APRS tracker. Yes you can try analysing it, but you'll get bored in pretty short order as it's much the same each week.
Whether you have GPS on or not doesn't matter much any more, at least not in any relatively well-populated area. Now they've built out their wifi access point location database, Google can locate you extremely accurately in any place where there are more than a couple of wifi access points in range whether you've got GPS on or not. Android can use wifi-based geolocation even if wifi is 'disabled'. I think there's somewhere you can 'turn this off', but of course, you're relying on Google's goodwill, I've no idea if that really works or not.
On my Adroid phone WiFi's disabled too.
Oh, but that's that's just a start. Don't forget about Bluetooth, to defend against beacons. And of course, airplane mode so they can't track you by cell tower triangulation.
Downside is, that effectively turns a smartphone into a ca. 2000 Palm Pilot. But that's the price of privacy in the Age of Relevant Ads.
Upside is that you can save a lot of money on the data and calling plan...
Let's see...
GPS off ... check
WiFi off... check
Bluetooth off... check
NFC off... check
data plan, noonexistent... check
Power off... maybe.
All good then, as much as can be.
Leaving WiFi on means you can be tracked to the nearest 2-3 meters, and there are commercial services that do that and sell the data to hundreds of corporations.
Unfortunately, cell phones have to advertise where they are and be tracked, so calls can be routed to the cell where the phone is. There's no way the 'phone system could probe the cell network of the whole world to locate a phone.
So it's axiomatic that a functioning mobile phone can be tracked without GPS, WiFi, NFC or Bluetooth.
The difference is that the cell location information is normally limited to the service providers running the cell network, and agencies with legal access to that information. The combination of WiFi/Mobile Data and GPS/AGPS makes this type information available to all apps with some tracking function.
I run will all comms except the phone disabled, but mainly because of battery life.
Power off... maybe.
lol, recently I had a brilliant idea: went for a week to a place where no plug was to be found to recharge (and spare battery was shite).
With my mobile off overnight I found out with some shock that the battery went down overnight, something like 20% (and I didn't leave it out in the cold). Very sneaky, I thought, so it still runs, even if it doesn. So next night I took the battery out, smartass. No further loss of battery life, hurrah. And the next night. Only that on that next night's morning, when the battery went back in, the phone told me it's 1 Jan 2000, and couldn't find any networks for a very, very long time. Not, that it mattered, but left me scratching my head: why can't they save some basic data to a backup memory... I guess a matter of extra couple of cents to fit some tiny extra battery...
<para>On my Android phone WiFi's disabled too.</para>
Nope. I think if you read the fineprint, WiFi can still be accessed by apps (Googley ones) when it's 'disabled'. I think they just ping it on periodically and scan nearby access points, without trying to connect to anything.
As a hilarious UK Border Force Agent informed me, when I commented that I was not looking forward to replacing my passport with the new biometric edition:
"Resistance is futile"
Feature phones are still 'a thing'; I suppose.
Feature phones are still a thing, and they are even more private when you allow the battery to discharge completely. Track me now, guys!
I am not defeating the purpose, though. A charger in the car brings the phone to full function in a few seconds, in the event of car trouble or other unusual circumstance. It doesn't need to charge a bit first. If there's a preplanned circumstance when a mobile phone will be useful, like meeting someone away from home, I can easily charge the phone; it reaches full charge really quickly compared to smartphones, and it can be on standby a week or more before it nags me for low battery (and it's about 7 years old, with the original battery).
Otherwise, I use old-fashioned land lines to talk to friends or family. If I am out and about, I finish whatever I am doing. I'm then free to return home and call anyone I want.
I didn't need to be constantly connected in the 80s and 90s (I didn't get my first mobile until well into the 2000s), and I'm still the same individual I was then. Why, back in my day, I... well, never mind.
Feature phones are still a thing, and they are even more private when you allow the battery to discharge completely. Track me now, guys!
I am not defeating the purpose, though. A charger in the car brings the phone to full function in a few seconds, in the event of car trouble or other unusual circumstance. It doesn't need to charge a bit first.
Shouldn't even have to discharge it with a lot of feature phones. Feature phones (at least the ones I've had) tend to have accessible, removable batteries. You could just open the battery housing and slip in a piece of paper over the battery contacts. When you need to use it, just open it and remove the paper.
You can turn that off too, as usual it is hidden(you can turn all tracking off in Android, but you have to find the right switch in the wrong place).
Wi-Fi scanning can be turned off by going into Settings - > Location -> (click on the 3 dots icon) -> Turn off Wi-Fi and Bluetooth scanning.
Now every time you turn on your location services the bugger will try to social engineer you into enabling Wi-Fi and Bluetooth scanning.
Best is to use Cyanogenmod (or other) without the pesky Google apps. There are alternative "stores" from F-Droid(Open-source) and Amazon.
Here is a good atricle on how to "secure" your phone with CM, they have listed all those hidden switches:
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
I have a Nexus 5X with CM, Privacy protect turned on for all apps(including the build in ones) outbound firewall(AFWall+) and anon VPN service. So I am really considering buying Nokia 3310 and a Garmin GPS device :)
<quote>Nope.</quote>
Yep.
When you set up the phone you have the option of turning it 'off' so that NO applications can access your location via gps/wifi, or turn it 'off' so that they can.
I leave wifi and gps on all the time. No untoward battery drain, not unwanted prompts for app installs... Maybe it's cause I don't use data; maybe it's because I don't use public wifi. Whatever it is, Google doesn't seem to know with any certainty where I am except if I'm at home or at work.
I've just checked my location history. It had me scratching my head until it dawned on me that Google is using the GPS data embedded in photographs (presumab
Google can locate you extremely accurately
Oh no they can't.
Simply because I don't have an Android. And no iPhone or Winphone either. This has some downsides, but insofar as those are actual downsides for me they're mitigated by carrying a N900 (being used as a WiFi-connected browser only).
I have pretty much every wireless component turned off bar the GSM until I actually need them.
But even then, I still use xprivacy as defence against apps (including Google's) accessing things they shouldn't. Xprivacy is better than Google's own access system as in theirs they seem to be letting their own apps through and not allowing the user to control them.
Oh, and I'm still on KitKat 4.4.4!
yes, for a vast majority it's a standard practice to leave GPS enabled (probably because this is how it was when they first got it on contract, and they never found out, how to turn it off (so you say, you actually have to TURN ON gps to find your location on your smartphone?! I thought it was like always on...). Likewise wifi, automatic updates, data over mobile networks, brightness full on (great colour palette on that phone, shame not to use it). The vast majority NEVER go anywhere near their phone "settings" menu, never mind the evil art of rooting. After all, it leads down the darkest bottoms of hell with a black screen and (usually) green lines of text lurking at unsuspecting humans.
But there, a beacon of light, a friendly hand of Google to help you out. And why not to trust them, with such a cuddly, lively, sun-lit logo? Thank God for GOOGLE!
"I had not realised it was standard practice to leave GPS enabled at all times, must be getting old."
Indeed. I don't really understand the logic of leaving every bit of wireless shenanigans you can constantly enabled, and then complaining that they're actually being used and running down your battery. It takes maybe half a second to enable GPS or wifi or whatever, you simply swipe down to get the menu and hit the relevant icon. Any meaningful use of those services takes far more user interaction than that anyway - typing something to search on maps, entering wifi passwords (you're not letting your phone connect to every open wifi network it sees of course), and so on, so it's not like you're adding a ton of inconvenience. Leaving them all permanently enabled is just utter stupidity with no benefit to the user at all.
I had not realised it was standard practice to leave GPS enabled at all times, must be getting old.
Given the length of time that it can take to locate enough satellites to find one's position with any degree of accuracy it can be convenient to leave GPS permanently on. I seem to use positioning often enough that (a) it's a fag to wait for the GPS to do its thing if I keep turning it off, and (b) Google will know where I am most of the time anyway.
If I really want Google not to know where I am I'll turn the phone off, but that has its own implications for convenience.
MOST USERS AREN'T COMMENTARDS!
Sorry for shouting this, but it has to be said v e r y s l o w ly and loudly on here sometimes.
You may turn everything off, wrap the phone in foil and carry it in a Faraday cage. But most users think that the Satnav is a force of nature that has been collected from a deep cave and locked into their phones by magic.
Way too many apps seem to want GPS when WiFi accuracy or Where-was-I-last or Pick-from-a-list accuracy are good enough. (And even if I weren't a geek, battery life means I usually have it turned off.)
I'm more likely to use Yelp to ask about a restaurant near some specific city (e.g. home, or where I'm going later today) than near where I am now, but even if I'm not doing that, whatever level of location resolution it gets should be good enough.
I'm more likely to use weather for a specific location (home or work) than "here" - I can see if it's currently raining outside, and don't need 10-meter resolution to tell the temperature when it's actually using readings from the nearby airport anyway.
The GPS HW is always available -- if 911 wants your location, they will get it. When you "turn off" GPS, all you do is stop all applications from getting it. Except 911.
And when I say GPS -- your phone doesn't use GPS that much. It locates you via the cell towers, and you can't avoid that. So permission is turned on/off for your *location*, not necessarily from GPS.
I wonder how evil Google will have to get to start to leave a bad taste in everyone's mouth?
This post has been deleted by its author
The National Trust app is ver good at telling me when I've arrived at one of their properties - though I'm normally aware of ths due to the need to show my membership card! Perhaps I'll start becoming worried when they stop asing to see the card and start welcoming me by name (something I think some banks trialled doing)
just tried to get a list of the permissions a randomly chosen app has requested on my phone (a non-rooted Android), and cannot find out why it wants each ... is everyone else copying Google's lead, or as Google realised others have gotten away with it for ages, or are they all just as bad as each other?
Question - I don't have any iDevices, so honestly don't know how Apple stacks up here. On a recent iPhone, can I get a list of what permissions each app has, and why?
At least with marshmallow or above you can retrospectively deny permissions (even if the app claims it needs them). YMMV but after installing any new app I religiously deny things that serve no apparent purpose to the app. Very few apps actually crash, and those that do get uninstalled.
"On a recent iPhone, can I get a list of what permissions each app has" - not only can you get a list, you have fine-grained control over precisely what tracking and other access you allow for every single app and every single system service. No doubt I'll now get downvoted by all the fandroids, furious that I've dared to point out that iOS is better for privacy than Android is.
To provide a little more detail to dz-015's answer, on iOS 9 under Settings>Privacy you can individually control each apps access to
location services, contacts, calendars, reminders, photos, Bluetooth sharing, microphone, camera, HomeKit, media library and motion & fitness.
Unfortunately, iOS 9 does not allow users to completely disable internet access to specific apps. I don't want shopping list, to do list or calculator apps to have internet access. My solution is I don't buy apps.
> simply looking at the SSIDs it can see
... but was it recording SSIDs (which can be changed by the user) or the MAC address of the AP (which generally can't). I know that Google was recording a certain amount of *traffic*, which was temporarily embarrasing. I only ask, because I set up a new router recently (different MAC, of course) with the same SSID as always (because that's simpler). Do you suppose Google knows the location of my router?
I was thinking the same thing. You have to have something from McDonalds installed to tell it to launch something that would ask you to download an app. A beacon ~(as Chrome can be used for beacon notifications) is the only thing I could think of unless the user had downloaded an app that had a relationship with McDonald's.
Waze is the other thing that can pop up notifications for services when you get near, but you would normally know if Waze was running.
Absolutely. Google ( and Android is Google's puppy) is there to gather your data and sell you to advertisers.
I'm always amazed about the way that commentards will attack Microsoft ( fair game I admit) for privacy violations, but are happy to admit to using Android phones. Windows phones are seen by some here as the Devil's work - but at least they aren't Google.
The article doesn't make it clear, but it isn't the Google Play Store app, but Google Play Services - a part of Google's Android that provides APIs (including location) to other apps.
ALSO: Some phones can start getting warm and depleting their battery very quickly, and upon Settings> Battery> you'll see Google Play Services at the top of the list (instead of 'Screen', as is usual). This probably means Google Play Services is being called upon by some rogue 3rd party app.
and then it has a snit fit and refuses to work
So get shot of it and use a different app store such as f-droid.
By getting rid of a load of non-essential Google stuff (well, it looked non-essential to me, and the phone still runs just fine), I managed to make my original MotoG last up to 10 days between charges. Now that it's running Cyanogenmod it's even easier. Obviously if I turn GPS on it starts munching power...
Oddly, if I'm using OSMTracker with GPS, then finish and turn GPS off, battery use stays high, but a reboot sorts that :-)
M.
"I deleted my banks app when an update demanded access to my address book (and other irrelevant data)"
This fear that people have about every app doing dodgy things is getting out of hand, it's almost becoming a witch hunt - it's completely obvious why your banking app would like access to your list of contacts.
"it's completely obvious why your banking app would like access to your list of contacts."
Sorry, my sarcasm meter must be broken. In what way is it obvious that a banking app requires access to one's contacts list? My business with my bank is managing my money, not my dealings with others.
@Steven Roper
"Sorry, my sarcasm meter must be broken. In what way is it obvious that a banking app requires access to one's contacts list? My business with my bank is managing my money, not my dealings with others."
I would expect it's do to with PAYM:
http://www.paym.co.uk/
I'm with NatWest and when I use PAYM, my contacts appear within the app so I can select the person I want to send money to.
I can't see how this could work securely unless the banking app could access my contacts.
"I can't see how this could work securely unless the banking app could access my contacts."
In Android, it is possible to ask permission on a case-by-case basis, so the app could be blocked by default and ask for permission only when you actually try to use the service that requires the information.
That would, of course, encourage customers to think about security. Perhaps some banks reckon it is more profitable to scare away the security-conscious customers in favour of those who just do as they are told.
Regarding PAYM - that still seems rather invasive as well as a rather roundabout and potentially insecure way of making payments to me. When I need to pay someone, regardless of whether I know them or not, I login to my bank's online service, select Make a Payment, and enter the amount, BSB and account number of the person I wish to transfer money to.
The service then offers me the option of storing those details in its own database in case I want to make another payment to that person later on. In this way, the bank builds up its own "contacts list" which relates to people I have paid, with no reference to people I just "talk to."
I would prefer my bank to store its own contacts list instead of using the one on my phone, because it has dedicated PCI-compliant security measures to protect that data. My desire not to give my bank access to my contacts is not about me worrying that my bank manager might find out I've been bonking his wife or something, it's more that my phone contacts list is not as secure as a banking system and could be compromised by malware or other form of intrusion, such that a payment I intend to make to a friend gets redirected to a scammer instead. At least with a contact list maintained by the bank under their own system, they have better control over who can access it and how it gets used, which is simply better security all round.
Also, even if there *were* reasons why your bank might be interested in your contacts, it is a clear violation of the principle of least privilege for the banking *app* to be interested.
So, with the banking app having clearly indicated that it was, at best, badly implemented and, at worst, downright malicious, the banking app gets told where to get off.
Since you seem to be in the know, can you please enlighten me why on my Android v6 LG phone I can not change the ringtone for an alarm (basic settings, factory default) unless I give the app access to my photos ?
Witch hunt you say ? Application not doing dodgy things ? I will refrain from insulting you since you already did it yourself.
"can you please enlighten me why on my Android v6 LG phone I can not change the ringtone for an alarm (basic settings, factory default) unless I give the app access to my photos ?"
While I get what you're trying to point out, rubbish example (with some twisting to suit your needs).
First, to correct the facts: It's not asking for permission to access your photos is it? It's asking for permission to access external storage? (Screenshot required if you want to argue this, because last time I checked, Android doesn't have a photos permission)
Now that's cleared up, your question has an easy answer: where is your media (that you probably want to use for your alarm) stored?
"This fear that people have about every app doing dodgy things is getting out of hand..:"
"Fear"?
Some people call it "experience" and if the commenter is naive enough not to realize what actually happens to the data collected, he's dangerously naive. There is only one reason for any application to collect anything and it's always the same: Money.
..."it's almost becoming a witch hunt - it's completely obvious why your banking app would like access to your list of contacts."
Yes, they will sell it to anyone who wants to pay anything for it. That's obvious and observed reality: It's money for them and almost all of it pure profit, the effort to collect the data is basically zero.
Now tell us why a corporation/app maker wouldn't take free profit every time it can?
Is there ever such a situation?
Anyone believing in "corporate honesty" is just dumb, in my opinion. Corporation has only one goal and it's money. Unless there's legal cost surpassing the profits for selling all of the data, all of the data will be sold. Every time, in every company.
When the state (=NSA) says it's totally legal to spy on your digital footprint all the time, the flood gates are open for corporations for doing the same thing, for profit. And yes, there's a lot of profit to made when cost of data collection is practically zero.
I have on several occasions gone to install an app and changed my mind on reading the requested permissions list. I do check updates as well - the US T-Mobile app (pre-installed because that's where I got the phone) keeps wanting me to upgrade it to something that claims it wants access to my microphone and camera. So I keep declining the upgrade.
I'm using a Wileyfox Storm and CMOS 13.1.2
I've gone into the privacy settings for the google play app and although I'd already turned most things of or set to ask... wifi and coarse location were still enabled. It has asked for coarse location info 41 times since I upgraded to this version of the OS a couple of months ago, but the wifi sniffing had been used some 157334 times in roughly 8-9 weeks.
To me that's unacceptable and I turned them both of.
I then loaded the google play app and got 4 warnings repeating that 'google play has stopped working' each time the app continued to load in the background and I was able to check and update one of my apps without it actually failing or stopping the app.
I guess the only people that 'can't' stop it from sniffing your location are those that didn't buy a phone with the CM OS installed... or have yet to root/mod their phones and try something with serious privacy controls built into it.
As ever it's down to the user... allow everything you do to be tracked, monitored and sold on to allow (insert whatever corp you like) to monetise your private interests and information.
Personally... I'm one of the people companies like this hate. I go out of my to fudge and obfuscate any information they might actually glean from me, and have NEVER and I do mean NEVER purchased or clicked on a link from any kind of advertisement that's fed through any app or 3rd party website (IE, I'm on a non retail website and obviously not looking to buy something).
I run script, cookie and ad blockers, use a VPN so often end up with those random ads that do get through being in a language I don't read/speak.
Frankly I'm amazed that everybody doesn't do the same things.
"Tip, nobody uses your data"
Anyone who can sell it, will sell it. And you make yourself just stupid claiming no-one is using the data: There's no way you can know.
Also, when a corporation buys data, it will use it, for something. Unless commenter, corporations aren't that stupid.
I was thinking of getting a new phone. A one plus three, a galaxy s6 or a Priv looked good. This story reminded though why I don't trust Google anymore. Silver edition passport it is. Or maybe a 950XL a it has been replaceable battery but need to check level of spyware baked into windows 10 mobile.
A few months back I was attempting to explain why a daft byod geo-fencing suggestion was fundamentally flawed politely suggesting an alternate suggestion to an otherwise perfect idea from the PHB. Didn't succeed, so when the feature proof of concept arrived, I made sure that my geo-fence violation came from Buckingham palace (context: not my hemisphere).
Got some pretty weird Google now updates for the next week or so.
Isn't this the every growing closed "app" into which Google is embedding ever larger chunks of Android functionality, rather like a (closed) SystemD for Android? No doubt at some point it will grow to the point where it *is* effectively Android, at which point Google could dispense with the Linux kernel. (Last time I checked, manufacturers are required to include the app to as a condition of using the Android name.)
Ostensibly this use of the app was to allow patching of devices that were not receiving core Android updates. In practice numerous applications that refuse to run if GPS (the app) is not running, including many official apps such as Google's Gmail and Calendar apps, even though it is not clear why they should break (GMail actually displays emails etc. before popping up a dialogue insisting that the GPS app be re-enabled), or why they cannot fall back onto "open" Android APIs.
It's interesting that Google Maps runs fine without GPS (the app), even though it ostensibly provides supplementary high resolution location services. Looking at the services provided, it seems that GPS (the app) can provide location information even if GPS (the service) is disabled, using WiFi location data. Perhaps the name of the app is no coincidence if both it and Google Maps are phoning home with tracking information.
There are many alternative apps that don't rely on GPS (the app) such as K9, Etar, etc. (and you can use Osmand instead of Maps, and an app to update AGPS data, such as SatStat) but it is rather annoying, and troubling, that many do, including Signal (ironically in the interests of "security", and for push messaging, even though ChatSecure seems to function just fine without it, including deferred delivery for intermittent connections).
[You can run a phone without Google Play Services (for now), but fun may follow if you try to disable to the Google Search App: that breaks the default home screen, leaving you with what appears to be an unbootable brick, until you phone yourself, and re-enable the search app while answering the call (not the most obvious or easy-to-find solution), and then find a launcher that allows Google Search to be disabled.]
Google Play Service is used among many things - for Google Cloud Messaging - recently renamed Firebase Cloud Messaging. Yes other apps will work fine without Google Play Services if they implement their own connection to their own servers - now let me tell you why that is bad. Android has ALWAYS had a 24/7 connection open to Google servers (initially for Google Talk, but things like Calendar and Contacts updates came down the same connection). If EVERY app used Google Play Services to rely on Push Messaging, then every time your phone loses connection and reconnects to the network, only ONE permanent socket needs to be re-established, but if everyone uses their own delivery system then on every re-connection to the mobile network - every single socket needs to be re-established. This is terrible for battery efficiency. (As of Marshmallow onwards, every app that needs it's own servers for push messaging will also need to be excluded from Doze, in order to still work when the phone is Dozing)
I have a Nexus 4 running Android 4.4.2. When I disabled Google Play Services ( a battery hog), the scientific calculator app (RealCalc) gave me a popup that said it couldn't obtain a licence but at least I can Cancel the popup and use the calculator. With Touch Calendar however, it says the app licence can't be verified and gives me the choice of Exit or Buy App.
1) One cloud is a single point of failure
2) I don't trust Google with my Apps data
3) Actually I mostly want apps that are just 100% local, never app replacements for web sites.
It's time Google, Facebook, Microsoft etc got a kicking from governments & regulators.
"It's time Google, Facebook, Microsoft etc got a kicking from governments & regulators."
Won't happen as the government is one of the big users of that data. Totally legal surveillance in large scale and it doesn't cost anything at all to government. Perfect, for them.
Combine automatic arrests and questioning á la NSA and you have a modern version of Stasi.
East Germany was ahead of its time, about 30 years.
And in the days before Android, Symbian did the same type of think at the network layer. Clever connection management can keep established connections alive and allows batching data transfer when the GSM radio is fired up. Google's single-funnel solution just happens to be convenient for them.
As for Doze, Sony's Stamina mode has been offering the same, actually better since it works even when the phone's moving, and needing to white list a few apps is brilliant. It's put a solid stop to nag ware apps, especially facebook.
"It's not clear why Google would insist on its app store having constant access to your location . . ."
Apologies to Kieren but that is quite possibly one of the silliest phrases I have seen a written in an article here on The Register.
It is perfectly clear why Google would insist on the App store having location access and the anecdote presented shows this. Google are a company whose main source of revenue is ads (unless I am seriously wrong) and the more they know about people, the more 'targeted' those ads can be and thus the more valuable they are and the more money they make.
Of course, that's only an explanation of why Google would want to always know where you are - the reason it's the app store is because (again, as the anecdote shows) this is something ordinary users are not likely to suspect or check. It is also critical to the functionality of the devices because, unless you perform a bit of trickery unlikely to be employed by an average user, that's the way you get apps on you device.
Your point is fair enough - but the article itself is wrong - it's not the App store that needs the location data, it's Google Play Services - and as any properly coded app that uses location requests location through Google Play Services - if the App Store was requesting location - it wouldn't even show up in the battery list as a high battery user.
What do you mean by "properly coded" Andrew? The article mentiones either using an Android API or the Google Play one. Is it wrong? Is the Android one deprecated in favour of the proprieatary one? Because to me it sounds like the proper way would be to use the Android one, avoiding a dependency on Google. Surely that gives you wider coverage (of devices) and more resilience (not dependant on a third party).
The alternatives to targeted advertising, which as you note is more valuable to advertisers (so pays better) are:
* You get bombarded with irrelevant ads in a more annoying way (more of those autoplay video ads, JS popups etc) because it's the only way they can get advertisers to pay them enough to afford to pay the bills
* You end up just paying for content instead of the internet being full of free stuff (no one wants to do this)
So to be fair I can see why they do it. They money has to come from somewhere. Ideally we'd have something like Google Contributor so you can pay the equivalent of what sites would've received for showing you an ad, but surprise, it's never got off the ground (because no one wants to pay for content)
I assume if the guy went to McDonalds it's because he likes McDonalds and wants to eat there. The fact his phone can figure this out and offer him some help is a pretty cool convergence of technology. I hate most adverts because they are so stupidly not relevant to me. If this can help actually deliver marketing info that I'm actually interested in, right when I'm at the shop, well that sounds fantastic to me.
Sorry to not jump on the 'horrified!' bandwagon, but I think you're all being Luddites, which for a technology site, is pretty sad.
Absolutely, there are government agencies who are so interested in your movements that someone at Google will single you out for a damn good sifting.
Or, it's just a machine that says "Oh, hey, your location matches the stored location for a McDonalds, let me fire off some pre-assigned action". As a side effect they now know you're a McDonalds visitor, which just means you'll see McDonalds adverts and vouchers instead of those for health food shops.
It's not even all take - install Google Opinion Rewards and they'll even be pretty upfront in saying "Hey, we think you went to Tesco yesterday - what did you reckon?" and give you a few pence. I've had fifty quid in two years out of them for that.
We have no problem in you opting in to sharing such information with any organisation that you choose if you are happy to do so. Is it really so offensive to you that some people think that a macca's menu isn't enough of a "pro" vs the "con" of slurp watching you 24/7?
The "horror" is that he explicitly said he didn't want to share his location data and it didn't respect that.
Sure, you really need an app in a McDonald to read the menu and order.... that's a true disruptive use of technology. Or maybe you can enter a clothes store and look at clothes on your phone, instead of actually wear them and fill how they look and feel on you, what material they are made of, etc etc. Very smart and disruptive. And of course instead of walking around and look around, meet people, etc. you can keep your nose pointed at your mobe and make Google happy, and go where it tells you to go (Pokemon is just a preview, believe me....)
"Sorry to not jump on the 'horrified!' bandwagon, but I think you're all being Luddites, which for a technology site, is pretty sad"
False accusation: You can be all Stasi without phones too, it's just much more expensive and a major effort.
Also: It's not the technology, it's about the use of said technology: Instead of being used for you, it's used against you.
If the commenter doesn't realize what is the difference between spying and being useful, there's not much anyone do to help.
I have yet to receive any of that. True, I have had "Buy more of what you just bought" or "other people are buying this" (as if I give a shit) and "people who what you just bought also bought these" (ditto).
Happy to be a luddite
"This is because Google Play services passes on your location to installed apps via an API. It also sends the information to Google to collect and process. Google doesn't want you to turn this off."
Of course you can not turn off a location permission for Google Play Services because it is the source of location information not a consumer.
The 'Location' section in settings determines how and if Play Services establishes the device location. The 'Google Location History' setting controls Google's recording and remembering of your location.
If you have ever agreed to the otherwise constant nagging to use 'High Accuracy' location mode (which is a lie) then Google will constantly record your GPS location if it is enabled and all the WiFi APs you can see and send it all to Google (claimed anonymously) to help them maintain their WiFi AP location database. The only way to remove this nagged for permission is to delete all Play Services data from the App settings.
If your Android device with location enabled connects through a WiFi AP Google being the fuckers they are will use that information to accurately Geo-locate your AP IP address without asking. Google search on my PC knows which small town I am in while some other geo-location services are not even getting the country right.
The above assumes you trust Google to do what they say they do - which I don't.
The problem with "Don't be evil" is that evil people never think that's what they are. It's not like in the comic books or movies where the supervillains enthusiastically claim the title of "evil." The greatest evils in history were all perpetrated by people who thought it was their victims who were evil; their oppressors regarded themselves as misunderstood visionaries that "did what had to be done" to get to a better world.
Now, of course, Google hasn't done anything THAT evil, but the basic idea holds: they don't consider what they are doing evil, whatever that may be. There's always an excuse as to why it's actually good to do whatever they're doing.
I would have liked to be a fly on the wall in the meeting when they decided to drop that slogan.
"So far we have been running a strict 'no evil' policy but how much evil could we realistically allow? 10%? 40%? Are there times when we would need to ratchet it up to 'total evil'?"
It may be that they won't function as Google intended, but they will function as I intend them to, meaning not at all.
Google Play is not something I have use for. It is never called on and I have disabled updates on it.
Turning on GPS, WiFi and mobile data are things I do when I need them, not when the phone goes on.
It's a fucking phone, not an extension of my life.
I’m gonna get downvoted to hell but here we go anyway……
Putting the power usage / battery drain aside, the biggest issue in the comments is that you don’t want data going to companies ‘cos they might send you targeted ads. Oh the fear of getting an advert on a website which is funded by serving ads. So you inconvenience yourself by turing off location services so you don’t get targeted ads but other ads that are just random. I guess most people on this forum will be using blockers, ghostery, etc….. so most ads and tracking data are removed in any case.
In the instance of walking into a McD and being presented with an opportunity to download an app, this will be via a beacon using BLE, not GPS or WiFi locating.
The sky’s falling in because Google tracked me walking into the tin hat store.
"the biggest issue in the comments is that you don’t want data going to companies ‘cos they might send you targeted ads. "
Totally false: You don't want "data", i.e. personal details, collected at all. For any purpose. By anyone, ever.
Which part of this 'privacy' thing is totally alien to commenter?
The article is about location data, not all personal data. Of course there is sensitive data that needs to be handled appropriately.
It also references a security bod who 'almost had a heart attack' because the phone knew where he was. Seriously, how the hell can he work in security (I assume IT not in-store) and not know about this stuff. Maybe he should get another job or lay off the burgers.
Location data is also "sensitive data that needs to be handled appropriately". If someone collects data on where you are, for how long, etc. they can get a lot of other data about you. If I know you visit a cancer treatment center every few weeks, then are at home and don't touch your phone for the next 48 hours, I can make a good guess you're getting chemo treatments. If before going there you stop off at a flower shop, I can guess you are visiting somewhere there, etc.
That's why I still have & use my 2009 Black-Berry phone. Simple, not giving out too much info etc. I think you know well that Gooogle, FB etc all work for the big brothers and uncleSam. Everything you did or said it is saved (even if you delete accts) and they keep this for the future so they know how far you can go. I have deleted years ago FB, G-accts and few more. Never give them real-names. We are very close to the events that are well explained in the S t John Rev-elation. In fact we are at the end of chapter 12 now.
The phone can get pretty good location fix from the phone network and from the list of nearby wifi networks. For example, having a wifi named "mcdonalds free wifi" is a pretty good indication of where the user may be. So don't expect that turning GPS off will make it harder for the phone to locate you.
While you can't turn the radio off that allows the making and receiving of phone calls you can, without affecting the utility of a telephone terribly much, turn off WiFi (which you probably should do when not at home anyway), turn off Bluetooth (unless you are actively using it), turn off data (ditto) and, of course, turn off GPS. These save both battery (WiFi, data and GPS are big battery hogs, Bluetooth less so), probably some money (Android can have a certain background level of data use which might affect your data allowance) and will certainly make it harder for Google to find your precise location.
When you need to use the things, all it takes is a quick swipe and a tap to turn them on. Turning them off can be harder (particularly Location Services, which always seems to need a reboot to be certain it's off) but it really is worth it.
I would rather have a phone with 90% battery left at the end of the day, meaning that I can call home and ask them to put my dinner in the oven, than a phone with 10% battery left at the end of the day because it has been logging me as confined to the environs of my office for the previous seven hours - and struggling to do so (i.e. using oddles of battery) because both data and GPS signals are weak, and wondering whether it's worth making that phonecall or whether I should save that charge just in case I need to make an emergency call during my 75 minute journey home.
M.
Of course I have standby chargers. The phone will charge from 10% to 90%+ in the car during my journey. Making a point, don'tcha know?
I don't get this obsessive concern about your privacy being invaded by your mobile phone. Does it really matter if your phone knows where you are? You're happy for your phone to know where you are when using Google maps and any weather app. So unless you're a high value sought after criminal wanted by the FBI, get over your unimportant selves thinking you're someone special that actually needs their location kept a secret, and ditch your scary spy-phone and go buy yourself a second hand Nokia 3310, buy yourself an AA map and watch the weather forecast on the TV
If you don't care, that is fine for you. Feel free to enable all the snooping options. But some of us do care about our privacy.
Partly it is just because it is my data, and none of anyone else's business. If they want to buy it from me with an offer of some benefit in exchange then fine: I will consider the offer and take or leave it as I choose. But they have to be clear and open about it, and I have to have a free choice.
Also it is a matter of principle. It is unlikely anyone really cares about my data. But there are plenty of people for whom this control is vital. Even just for location the list is long, such as journalists, political activists, abuse victims, whistle-blowers, celebrities, etc. If you include control over contacts, audio (microphone access), communications (access to SMS and email) and camera you can extend the list to all doctors, lawyers, politicians, CEOs and anyone with knowledge of a secret that might be worth money to someone.
By making sure that everyone has, and routinely uses, full control we allow those people to have the control they need (and without drawing attention to themselves by using it).
I think this maybe illustrates a generation gap. Privacy should be the default but increasingly it seems that people don't understand this.
Sharing/snooping/tracking/whatever you want to call it can be abused, no matter how benign the original intention, or whatever conveniences it provides in some cases.
I will turn location on if I need it, then turn it off again. I will not download apps that want access to the camera if it's not obvious why. etc.etc.
And no, I don't turn on GPS/location when using Google Maps unless I need GPS, which I rarely do.
It's not completely paranoid, it's just best practice to err on the side of caution.
And no, I don't turn on GPS/location when using Google Maps unless I need GPS, which I rarely do
And to be even safer, get rid of GoogleMaps and install OpenStreetMap instead. It's not at all bad these days.
M.
Nope, still no real answers, so I rest my case an just say that if you want to spend a fortune on a smartphone and then disable all the enrichment it provides because you don't want it to know you're a frequent visitor to the STD clinic then carry on, I don't car, and no one else does either.
well, I was unhappy with how Google Maps wanted to serve their offline maps (only limited number of them, for a LIMITED time), so... uninstall. Then, with a mod OS, Google Play was found out screaming LET ME OUT, LET ME OUT!!!! So I did let it go too. Then, a few others apps started complaining, and they went too.
Sadly, the Signal app is one of those that "won't run without Google Play services, which are missing from your phone. GET GOOGLE PLAY SERVICES." While it whinges and every few months does refuse to work any longer, wanting me to go to google play to download the updated version, it does resume, when I install an update from other places (which is a risk). There's an interesting threat somewhere, related to f-droid and Signal, where the developer behind Signal, after all, paranoid about privacy, does concede that he'd rather trust google than let his app go and be available from other sources, which could make it vulnerable to... 3rd party modifications, shall we say. Very interesting, and he does have a point, although it is ironic, that to protect user privacy, he's kind of forced to rely on - Google. Who watches the watchers, whom we know, are leechers?
Has no one come up with software which will send bogus messages in response to prying, rather like the user agent switchers and maskers that are available for browsers? While this wouldn't prevent the use of triangulation, at least it would be possible to fight back a little against invasion by wi-fi, bluetooth and GPS.
If the security expert is bothered about privacy maybe investigate McD slurping of phone numbers
In UK I tried (and did not) to make use of McD free wifi
However when you "conntected" via phone, could only get onto their network if you let them have various details - so not exactly free wifi as you pay with your information.
(Disclosure: - I was not (& never am / have been) a McD customer, I had no signal on my SIM and needed wifi so I could use make an urgent phone call via wifi make a call functionality as no call boxes around)
wow, what a disclosure! Just in case anyone was judging you for eating McDonalds....
From the McDonalds WiFi FAQ:
"We also require personal information at login to comply with European Data Retention directive"
http://www.mcdonalds.co.uk/ukhome/Restaurants/Free-WiFi/Free-WiFi-FAQs.html
So aren't they forced to ask for your details?
So aren't they forced to ask for your details?
As a counter-example of (arguably) doing it correctly:
Premier Inn's free wi-fi doesn't require a phone number; it doesn't require that the name you give matches the name you booked the room with; and it hasn't yet sent any spam to the address I signed up with.
This post has been deleted by its author
I'm utterly bemused by the amount of shock horror on display here. This is how your Smartphone ecosystem is funded surely, by "monetizing" you, sending you a few adverts based on your habits and likes. Apple fund theirs by charging a massive amount for hardware, but Google don't make a hell of a lot of handsets and in the main, the ones they did were pretty cheap.
Am I quote so odd for being a tech-savvy user yet understanding that I get benefits from sharing locations details? I filled out my mileage forms yesterday by scrolling back through my Maps Timeline, and I can almost feel readers keeling over at the thought of me having that turned on. No, I can't remember where I was last week. Yes, I could have a little notebook in the car to jot it down. No, it's not 1988 so there's technology that exists to solve that problem.
I like getting a notification saying the road I'm driving down has a huge jam on it and suggesting another way. You guys know how Google aggregate driving times, yeah? By your phones reporting back speed and location.
I still can't see a single downside. There is nobody at Google assigned to track my location and burgle my house when I'm out, I generally don't do naughty things so don't risk my phone being used to incriminate me, and actually if Google Play gets location data and apps use the proper APIs then it's much lower battery use than apps getting it individually.
But this is TheReg so I'm going to get downvoted because I don't routinely wear a tinfoil hat and believe that all software should be created by beardy volunteers and be totally free. Did I read this week that Open Office is going down the tubes because people like to be paid to work?
@ Chris 125, choice is very welcome. If those services are useful to you, and you have chosen to use them and pay the price, that is fine. Is it not obvious to you that there are other people who do not need/use those services and hence are not willing to pay (with private information) for services we don't use?
I still can't see a single downside.
It is about protecting choice, so those of us who wish to decline some offers and accept others can do so.
Would the price still be fine for you if Google said the only way they would offer the services is if you agree that they can record all your conversations (not just calls) and publish them on the internet for everyone to listen to? I am sure you would decide that was not a price worth paying. What if they said "OK, we will only allow companies who have a business relationship with you to have copies of all the conversations". Probably still not acceptable. What about "OK, we will only give them access to conversations where their company name is mentioned". Maybe you would think about that. Or "we won't give them the actual audio -- we will analyse the conversation and give them the gist of it". A few more people might agree to that. Or "we will not summarise the conversation at all, just tell them that you were talking about them". Several more would sign up.
My point is that we all have different assessments of the value of our privacy. No one is comfortable with no privacy. Your assessment of the value of your private conversations will be different from mine. That is fine -- but we should all be able to make those trades at the price we are willing to pay.
@ Chris 125; "Did I read this week that Open Office is going down the tubes because people like to be paid to work?"
Nope. What you read was that OpenOffice is going down the tubes, and you filled the rest in yourself to suit your argument.
The real reason that OpenOffice is having trouble getting support is that a critical mass of the community shifted to the LibreOffice fork several years back (when Oracle's post-Sun foot-dragging and mismanagement proved to be the final straw.)
After some time, OpenOffice was eventually handed over to Apache, but by then LibreOffice was established and it- and the community- had moved on.
I think most contributors recognise that there's no real sense in wasting effort maintaining two forks covering the same ground and that since LibreOffice is now in the stronger position, it's better to contribute to that rather than OpenOffice. Doesn't really matter beyond the name, to be honest.
LibreOffice is still going strong. Thanks for your concern, however!
(Of course, I'm assuming that you're genuinely ignorant of all this rather than intentionally feigning it. That being the case then, I'm not sure how much value your pronouncements on such matters have.)
Sorry, but ios tracks ALL your movements too. Furthermore, they did not even notify users they were keeping that record. Here, read it and be warned, Apple is just as bad as Google.
https://blog.kaspersky.com/ios-tracking-setup-part-2/12800/
And tutorial on all settings: https://support.apple.com/en-us/HT203033
"Apple is just as bad as Google" - fandroids, totally missing the point as usual. On iOS you have complete control over what tracks you and what doesn't. If you don't want something tracking you, just turn it off - this applies to all apps, all system services, everything.
I'm getting towards the end of my "working relationship" with my iPhone, and was considering going back to Android but no. Enough now with this bullshit of having to allow mobile apps to access my location or other things in order for me to use them.
So my lunchtime now will be spent getting the oldest Nokia I can find that will support email but won't allow me to download crap I don't need.
"since you have an iPhone (as opposed to an Android phone) you don't have to do that at all. Just spend a few minutes in your settings."
Don't part quote what I said just so you can have something to base a comment from. I said I'm coming to an end of using the iPhone - i.e. getting rid of it. And it's laughable to suggest that there is any thread of privacy on an iPhone compared to Android. There's plenty on the iPhone that phones home etc, or Apple can access regardless of what you do in the settings.
Don't tell me what I can and cannot quote. It's my comment, I'll do whatever I like. If you don't want it quoted, don't write it.
On iOS you have complete fine-grained control over what apps and system services can and can't access. On Android you don't, as demonstrated by this article. So it's not laughable at all, and you're wrong I'm afraid. But why let facts get in the way of your hissy fit.
Over the last few years I've been doing the dad's taxi thing. Taking the kids to various friends' houses.
Being fairly clumsy fingered I just put the postcode into the device, not the full address.That identifies the street and can look for the house number myself. Yet even when going to a place I've never visited before the device will all too often identify the correct house for me, ("In 30 yards your destination is on the right") even sometimes showing me a picture.
Now that is very impressive, and I guess makes the task a tad easier.
But it's still very creepy. Call me a Luddite, but I do not like it one bit.
In urban areas, a post-code might well identify a group of addresses that mostly within 30 yards or so of each other. Combine that with your entirely human tendency to remember the occasions when it was (by chance) scarily accurate and I don't think you have anything to worry about.
Of course, if this is happening to you and you live in sparsely populated country, you may have a point.
"When the whole postcode delineates one city street and the satnav takes me to the precise house. And when this precision extends to knowing which side of the road we can rule out simple coincidence."
Unless the street is shorter than average, it's likely to have more than one postcode covering it. My street has one postcode for the northern part, another for the middle (covering just two houses!), and a third for the southern part. If it had house entrances on the odd side as well as the even side, it would probably have another two or three posttcodes to cover those.
Google or anyone else is not looking directly at who anyone is. It is a mass tracking system with millions of users. Nobody would have the time to manually look at each individual, and then for what direct purpose? This would take more than a lifetime. I would not think the system is even set up that way. If someone who had access to get in to their tracking system, they would certainly require the phone's ID such as the user name just to start to make a basic search. The info is all encrypted to begin with.
I know from what I've read in business publications Google and other companies sell demographic information. They sell information about the average user shopping habits like what products people are buying, and where they do their buying. Women and men each have their own types of shopping habits on the average. They want to know things like how many people are buying pet food, and the ratio of quantity for dogs or cats, and in what areas of the cities. They like to know in the various areas what income level of people tend to buy what product types. In the various areas the types of foods that are being consumed the most.
We have to consider when we use Google we do not pay any fees to use their services. There are other services that are also tracking us and we do not pay fees to use them. We get a lot of music, news, and videos from these services on our computers and on our portable devices. Someone has to pay for this. I would rather them do what they are doing than having to pay out fees every month for everything I access.
This type of info has value to advertisers, product distributors, and marketing companies. They are not interested directly about each individual. With the millions of users out there who's shopping and their travel habits are being monitored it would be a lifetime daunting task to start looking at them one by one and taking note of each one! And then who is going to read all that info? This is all done by computers using AI systems. They are generating consumer density maps, and huge bulk consumer data lists in numeric sequences. The various product retailers can then determine the required quantities and types of products to place on the shelves for consumers to purchase at the various locations. In a way in the end we also get better supplied services from these retailers.
My annoyance would be the battery usage from apps that I would not need to have tracking. I am using a Blackberry PRIV. I have not found any problems with battery usage. I did notice that when I use Google Search, at below the entry prompt I am seeing where I have been, and where I am. I also sometimes see suggestions. I was in a dining place just the other day, and when I opened Google Search it told me where I was, and if I would like to see their menu on their web site. It also told me where I last parked my car. It also made suggestions about the closest place I can get the best price for gasoline. As I scrolled down I saw more suggestions and more info about my activities.
Another one that may surprise many people. Our debit and credit cards are also being tracked in a similar way. They know the types of purchases, amounts of cash withdraws, and etc. Many of the large retailers are now taking electronic photos of the customers when paying out at the cash in their stores. Their systems are correlating the customer's face with their credit or debit card. They are also tracking the purchases. This is how they know what types of advertising to direct to the customer. They also add this info to their security system so they can know who their customers are. The security systems of today use bio-metrics to ID people from their collected database. Even many types of consumer photo cameras are capable of using basic bio-metrics to ID people. Our smart phones are capable to use this type of system.
Google had a circles app called Locations which is meant to share your location with others. It is routinely hours out of date and wrong by miles even with WiFi activated. It is effectively useless. If that is an example of 'precise Google tracking' then nobody has anything to fear. Until they get a better intern to update the code.
Nexus 5X here with Android 7.0 on.
Location for the Store is "off" and I didn't' turn it off, it's just "off". I didn't see any request to enable it either....
The only thing I did note was that I had Developer mode "uncovered" before the 6.0-7.0 upgrade, but it was disabled. Post upgrade, it was ENABLED and "Automatic system updates" were enabled...
This post has been deleted by its author
"Security researcher Mustafa Al-Bassam reported on Twitter that he "almost had a heart attack" when he walked into a McDonald's and was prompted on his phone to download the fast food restaurant's app."
Was that such a major thing to have almost a heart attack over in 2016? I would of looked at the phone and said, "Oh, an invite for an app." push cancel then order my Big Mac meal unbothered.
We give our outreach staff mobile phones, which they use for client contact and as a hotspot to connect back to our network. Much more secure than using WiFi. We run a security app that allows us to ping and locate the phone if it's reported lost. This needs location on to work.
We could simply do without the locate ability and remote wipe the phone as a first response. However, that would burn through phones pretty quickly. We usually figure out where the lost phone is and the user recovers it. If however it's wandering off somewhere unexpected, we brick it STAT.
I'm not sure what the big deal is. The researcher is more likely to get a heart attack from eating at McDonalds than from Google. I turn off location by default not because of my tinfoil hat but because it drains battery like nothing else. I only enable it when I need it. And most of the time, when I enable it, it's on the GPS setting not on High Accuracy.
You can turn off Location History on your device and see all the apps that are requesting location services. I wasn't aware that denying location services from the app from settings would not prevent the app from getting location from Google Play Services. If that's the case, then it should be easily fixable by Google - by denying location from any app to which you have specifically denied access to location. If Google stops this end run, then I personally have no problem with Play Services itself using location.
that allows me to toggle my device from being an all encompassing, eavesdropping, life-snooping, hand-holding, comfort blanket communication device, to being "just a phone". It seems like a simple idea but I am almost certainly missing a load of reasons why this is utterly impossible. I am almost 60 after all, and haven't yet grasped how essential 24-hour, uncontrolled Google/Facebook coverage is to my very existance..
I leave GPS enabled, along with WiFi and Bluetooth, all day long for usability reasons.
Like most consumers, I use my smartphone for directions (Google maps), streaming music in my car (Spotify), shopping (Amazon), photography, surfing the internet, Email (Google Apps for my Domain), Social Media (FB, Twitter), messaging (FM Messenger, SMS, Whatsapp), and phone calls.
It's a Huawei, so no doubt backdoored directly to China too?
Given that there are several means by which your location can be determined, if you are paranoid about Google and others knowing your location, you might consider spoofing your location, instead of hiding it. If your phone is reporting that the GPS is turned on and giving a good location, Google et al are unlikely to double check.