Another day, another way for unscrupulous people (or, you know, the Federal Government) to keep tabs on you.
So what is it this time? It actually has nothing to do with GPS, as you might have expected. Turns out your smartphone’s battery might be the next thing to betray your location to people who want to know what you’re up to.
According to researchers at Stanford University, Android phones have a nasty habit of sharing location data with each and every application installed on the device. The geo-location feature built into the Android operating system tracks your phone’s power use over time, and it can use this data to extrapolate information about your physical location.
Worse: unlike access to the camera, GPS, or microphone, access to power consumption data does not require the owner to provide their permission. It just happens. And, until the issue is addressed, it will continue to happen.
How Does It Work?
The researchers learned to leverage this software quirk by creating a tool they call PowerSpy. They claim that it’s capable of tracking a user’s movements with up to 90% accuracy. More on this later.
Yan Michalevsky, one of the Stanford researchers, says that any app—even something innocuous like Angry Birds—could be made to gather this information and send it to a third party, all without alerting the user that it’s happening. “It gathers information and sends it back to me to track you in real time…and it does it all just by reading power consumption.”
The PowerSpy method works because of a very simple truth: cell phones use more power the farther they travel from the nearest cell tower. Obstacles such as buildings and mountains can also play a role. Regardless, by drawing correlations between battery drain and environmental factors, the results can be eerily accurate.
Let’s (Not) Get Hysterical
Before we go any further, let it be said that I’m not trying to create hysteria, I’m not trying to turn you off of Android smartphones, and I’m not trying to get you to stick around on my site by writing sensational content.
All I really want to do is inform. That’s the goal of Michalevsky and the rest of his team at Stanford; they’re not making this knowledge public because they have something to gain—they’re doing it because knowledge is, in many cases, our only defense against potential harm.
Because the truth is this: there seems to be a new exploit each and every day that undermines both our security and our trust in technology. It’s actually a little startling to discover just how often we’re in the dark about potential threats; oftentimes they go unnoticed until someone discovers how to exploit them. You may recall a similar story from a few months back about how the gyroscope in your smartphone can also be hijacked.
What Do You Need to Know?
So what do you need to know about this? To begin with, the PowerSpy method is, at best, inconsistent from phone to phone. Most apps take advantage of power monitoring for debugging purposes, which means the more apps you have running at any given time, the less accurate any geo-locating will become. For phones with more apps installed, accuracy in determining a portion of the phone’s path fell to about 60%. For determining the exact path, accuracy was just 20%. Clearly this method is not as reliable as good old GPS.
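To see why background activity hurts the match, here is a small simulation added for this write-up (it is not code from the original post or from the PowerSpy researchers). The route profiles, the milliwatt values and the Pearson-correlation matcher are all constructed assumptions standing in for the idea described above: aggregate power draw follows the route, and other apps add noise to the same reading.

```python
import math
import random

def pearson(a, b):
    """Pearson correlation of two equal-length sequences."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0

def make_routes(rng, count=3, length=60):
    """Constructed reference profiles: radio power (mW) per sample on each route.
    A clamped random walk stands in for changing tower distance and obstacles."""
    routes = {}
    for i in range(count):
        level, profile = 800.0, []
        for _ in range(length):
            level = min(1500.0, max(300.0, level + rng.uniform(-120, 120)))
            profile.append(level)
        routes[f"route_{i}"] = profile
    return routes

def match_route(trace, routes):
    """Return the reference route whose profile correlates best with the trace."""
    return max(routes, key=lambda name: pearson(trace, routes[name]))

def accuracy(noise_sd, trials=300, seed=1):
    """Fraction of trips identified correctly when other apps add Gaussian
    noise (std dev noise_sd, in mW) to the aggregate power reading."""
    rng = random.Random(seed)
    routes = make_routes(rng)
    names = list(routes)
    hits = 0
    for _ in range(trials):
        truth = rng.choice(names)
        trace = [p + rng.gauss(0, noise_sd) for p in routes[truth]]
        hits += match_route(trace, routes) == truth
    return hits / trials

if __name__ == "__main__":
    for sd in (0, 200, 1000, 50000):
        print(f"noise sd {sd:>5} mW -> accuracy {accuracy(sd):.2f}")
```

With no noise every trip is matched; as the noise grows past the size of the route signal, the match rate falls toward chance (one in three here).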
While Google has yet to comment officially, there’s no reason to think that this was done intentionally. I wouldn’t, for example, compare it to Lenovo’s spectacularly poor judgment. Just think of this as a reminder to never install apps from developers you don’t trust; you might get more than you’re bargaining for.
You can read more about PowerSpy here.