Web Users Are Still Being Tracked By Their Smartphone’s Battery Status

A feature in HTML5 used by websites to monitor battery levels of mobile devices has been found to track the online activity of users, security researchers have revealed.

The Battery Status API, a feature first introduced in HTML5, exists so websites can see the amount of juice a visiting user has remaining on their device, and decide to serve a less power intensive version of the site if required.

Fingerprinting

But security experts from Princeton University found that the Battery Status API was being used by trackers as a ‘fingerprinting vector’ – essentially, the researchers found tracking scripts that used the API to ‘fingerprint’ devices, thereby gaining the ability to track that device’s web habits.

Lukasz Olejnik, a security and privacy research engineer, warned that this could happen back in 2015. The World Wide Web Consortium (W3C), which regulates web standards, acknowledged Olejnik’s (and his peers’) research, and a fix was implemented to the Firefox browser.

Olejnik called for new regulations that would allow users to make sites ask permission before they see the battery information, as well as suggesting that more information should be given to users about how the battery status software is used.

“The analysis of Web standards, APIs and their implementations can reveal unexpected Web privacy problems by studying the information exposed to Web pages,” the authors concluded.

But this week, Olejnik penned a new blog post, explaining how the API is still being used to track users.

“Expected or not, battery readout is actually being used by tracking scripts, as reported in a recent study. Some tracking/analysis scripts (example here) are accessing and recovering this information,” he said.

“Additionally, some companies may be analyzing the possibility of monetizing the access to battery levels. When battery is running low, people might be prone to some – otherwise different – decisions. In such circumstances, users will agree to pay more for a service.

“As a response, some browser vendors are considering to restrict (or remove) access to battery readout mechanisms.”

Take our ARM quiz here!

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

6 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago