Google knows how long it will take you to get to work, where you went to dine or what areas you usually move, functions that can make our day to day but that many users do not like too much. If we do not want our mobile phone to have a record of our location, the solution is to deactivate the location services, or so we thought.
A Quartz investigation has revealed that our Android phones always know where we are. Always, and here comes the worrying, even when we have deactivated location services. Google has admitted this practice, although they claim that they have never stored the locations, but they have to do with the system that manages push notifications. In addition, they claim that the system will stop working later this month.
Being always located was this
Almost every day there are new cases of malware on Android that make the concern for our security increase, but what happens when the problem comes from Google itself? That Google collects a lot of data from Android users is not new , but the latter case about the company’s dubious practices goes a step further.
Quartz has discovered that disabling location services does not prevent our mobile from collecting our location. What they do is register the location based on the nearest antenna and send it to Google. This happens every time the mobile in question enters the range of a new antenna, and also applies to terminals connected through WiFi networks that do not even have SIM cards installed.
The location that returns this system is not as accurate as that obtained with location services, but it is possible to obtain a fairly accurate point by triangulation, especially in urban areas where there is a higher concentration of antennas.
Why collect this information? According to Google, it is a function that was implemented at the beginning of 2017 with the aim of improving the speed of message delivery, although they do not go into details of how this improvement is achieved using location information of the towers. This is the official statement of Google in this regard:
“To ensure that messages and notifications are received quickly, modern Android phones use a network synchronization system that requires the use of mobile country codes (Mobile Country Codes – MCC) and mobile network codes (Mobile Network Codes – MNC) In January of this year, we began to see the possibility of using cellular identification codes as an additional signal to further improve the speed and performance of message delivery, however, we never incorporated Cell ID into our network synchronization system, so the data was discarded immediately, and we update it so that it no longer requests Cell ID.MCC and MNC provide the necessary network information for the delivery of messages and notifications, and areclearly separated from the Location Services, which provide the location of the device to the applications.”
Google ensures that this system has nothing to do with location services, the problem is that they do not offer the option to deactivate it as it happens with the location to use. In addition, in its privacy policy , Google does not specify that this information be recorded when the location is deactivated, which is undoubtedly an opaque and quite worrisome practice.
Google claims that the information was encrypted and was not stored in any way, but was discarded immediately. But, as noted in Quartz, the problem is not just what Google does with that data (such as using it for commercial purposes), but what could happen if the device in question is hacked and the information is sent to a third party.
With respect to the affected terminals, there are no specific details but it seems to be a widespread practice since in the report they indicate that the company was collecting data from “all modern Android devices” . Google plans to eliminate this system later this month of November, just now that they have been caught. What a coincidence…