Sapsiwai - Fotolia
An investigation uncovered that turning off Google location tracking does not fully turn off Google location tracking in mobile apps. What exactly does this mean and what can users do to protect their location data?
A mobile app's ability to know a user's location can be very handy. It makes checking information, such as the local weather forecast, traffic or where the nearest restaurant is, quick and easy, as the user doesn't need to keep entering their location. This is possible because Google Location Services combines data from multiple sources to determine a device's current location.
If a user is signed into their Google account, has Location History turned on, and his mobile device has Location Reporting turned on, location data points will be recorded and saved. But not everyone wants or needs this functionality all of the time, and it's possible to turn off Location History. According to Google, when Location History is off, "New location information is no longer saved to your Location History."
However, K. Shankari, a graduate researcher at the University of California, Berkeley, found that even though she had turned off Google location tracking on her device, she was still being prompted to rate places or submit pictures to Google Maps.
An Associated Press investigation validated by computer science researchers at Princeton University found that, even with Location History turned off, certain apps -- for example, Google Maps -- continue to take and store a time-stamped snapshot of a user's precise latitude and longitude. This information is stored in My Activity and not Location History.
Although Google explained how to turn Google location tracking features on and off and how to delete Location History information, turning off Location History doesn't cover every app and situation. In fact, users also need to turn off another independent setting -- one that doesn't mention location -- called Web & App Activity.
Web & App Activity is enabled by default and configures which information from Google apps and websites is stored in the user's Google account. Leaving Web & App Activity turned on and turning Location History off only prevents Google from adding movements to the Timeline, its visualization of a user's daily travels. It does not stop Google from collecting other location markers.
This is not a bug or a flaw; Google Location History is entirely opt-in. But a confusing GUI and Settings model has created a privacy risk, potentially affecting some two billion users of devices that run Google's Android operating software and millions of iPhone users who use Google for directions or searches.
Location data is effectively a personally identifying attribute, so it does carry a privacy risk. It can be abused to determine patterns of behavior or when best to target a victim. AP created a detailed map of the movements of a researcher who carried an Android phone with Location History turned off.
Users can find any stored location markers at myactivity.google.com, and they can then be manually deleted. Users who are concerned about Google location tracking on their mobile devices need to turn off location tracking in Google's Web & App Activity settings, as well as in Location History, though this can cause some apps to malfunction.
Ask the expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)
Dig Deeper on Mobile application security best practices
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading