Google Play ‘Tracking Android Users 24/7’

The location-tracking features in Google’s Android smartphone operating system are nearly impossible to turn off due to third-party apps’ increasing dependence on them, a computer security researcher has warned.

Users may be aware that specific mobile applications such as Google Maps are tracking their location, but may not know that Android handsets continue tracking users and relaying the location data to Google even if such apps are switched off, according to London-based researcher Mustafa Al-Bassam.

Location tracking

The situation arises out of Google’s efforts to encourage programs to use the application programming interfaces (APIs) – including an API for location services – built into its Google Play store, which it uses to distribute and update apps.

On the one hand, that means that Google Play tracks users even if all other applications are switched off, Al-Bassam wrote in a Twitter post.

“Even if you uninstall Google Maps, Google Play’s background service is tracking your location 24/7,” Al-Bassam wrote.

On the other hand, it means if Google Play’s location services are disabled, location services won’t work on many third-party apps, he said.

“Google is encouraging developers to use the Play location API instead of the native Android API, making an open OS dependent on proprietary software,” he wrote.

Nearby Notifications

Google has been developing the scope of its Play APIs for some time, but users are likely to be unaware of the implications in the most recent versions of Android, Al-Bassam said.

For instance, a Google Play API called Nearby Notifications now allows companies to send alerts to devices located in specific locations, without their having installed any software or approved any specific agreement, as Al-Bassam discovered to his surprise.

“Yesterday I almost had a heart attack when I entered McDonald’s and I had a notification on my phone asking me to install their app,” he wrote.

Another security expert accused Google of “mishandling” users’ privacy, and pointed out that disabling Google Play could render devices unusable.

“You won’t be tracked, but you’ll have to manually update each of your apps, some of which might not even work anymore without an active installation of Google Play services,” wrote researcher David Bisson in an advisory.

Another option is to manually switch location services on or off each time they are needed, which Bisson called an “inconvenience”.

“Damned if you do. Damned if you don’t,” he wrote.

Privacy controls

Google said it provides users with “tools to control how their location information is shared with Google and other apps or services”, including, beginning with Android 6.0, released in October of last year, the ability to disable location permissions for apps including Google Play and Google Maps.

But because many apps are now dependent upon Google Play for location and other services, in practice users may be limited to either allowing Google to use their location data or not using location services at all, said Al-Bassam.

“Kind of defeats the purpose of fine-grained privacy controls,” he wrote.

Google has been the subject of probes by the UK and the EU for its privacy policies.

Proposed reforms to EU telecommunications laws published this week also take aim in part at curbing the data-collecting practices of large Internet companies such as Google.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago