Most Android devices by default (so long as they have Google services, anyway) track the location of the owner. These locations are used for advertising purposes, but also provide useful services to the owner such as motion tracking, fitness statistics, future commute suggestions and more. Those more concerned about privacy may opt to switch off location services, something which is offered within Android and seemingly without any strings attached. Don’t want your location data mined? Disable location services.
Or that is what they would want you to believe anyway.
A report on Quartz shows that this optimistic view is not actually the case, and even disabling location services still provides Google with your location data. Since 2017, Google has been receiving the cell tower data from each Android device which uses Google’s Firebase Messaging push notification service. Google has confirmed the practice but has insisted that the data has never been used or store.
“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery” a Google spokesperson told Quartz when contacted. “However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID“. It is unclear currently how this would actually help message delivery times or improve on the current iteration of Firebase Cloud Messaging.
Of course, the argument can be made that this data is not hugely accurate and will not help Google obtain any form of accurate location data about an individual, but there are still two concerns with this addition. The first is pretty obvious, and that is that when location services are switched off, they should actually be off.
The second is that while cell tower information will not give the pinpoint accuracy that GPS does, it can still combine location information with other nearby cell towers and calculate a location within a quarter of a mile within the user of the device. The data is encrypted, but can still potentially be intercepted by malware on the device. What’s more, even users without a SIM card were not safe and the location data was sent by calculating the location using nearby cell towers.
Google also states that this is “distinctly separate from Location Services, which provide a device’s location to apps” which is why, apparently, this is okay. There is no way of opting out without removing all Google services from your device. This “issue” potentially affects all devices with Google services, with tablets and phones alike sending the same data to Google. This violation of privacy will hopefully be removed if Google is no longer using the data, but for now the only way to avoid this is to remove Google services from your device.