Google can follow you everywhere, even if you explicitly deny permission
Every time you use a service like Google Maps the company requests your permission to access your location if you want to use it to navigate, but an investigation of experts in cyber security organization shows that the company can follow the user, no permission needed.
A cyber security organization research revealed that many Google services on iOS and Android devices store records of user location data even if they have stopped the “Location history” feature on their mobile devices.
Disabling location history in Google’s app privacy settings should prevent Googlefrom tracking each user’s movements; as Google support page indicates: “You can turn off the location history at any time. With the location history disabled, the places you visit won’t be stored”
However, researchers found that even with location history turned off, some Google apps automatically store “time-stamped location data” from users without consulting them. “For example, Google could store a screenshot of the user’s location when he enables Google Maps. In addition, automatic weather updates on Android phones can generate an estimate of their location”, one of the experts said.
To demonstrate the security risks of this practice, the researchers created a visual map of the movements of one of their colleagues, whom they gave an Android smartphone with location history off to avoid collecting location data. Still, researchers found that the map included records of the person’s visits to different places, including his home.
According to cyber security organization experts from the International Institute of Cyber Security, this privacy problem affects about 2 billion of Android users and hundreds of millions of iPhone users worldwide who have used services such as Google Maps.
Google recognizes that it tracks users
In response to the research, Google published a statement stating that “There are several different ways in which Google can use the location to improve the user experience, including locations history, web and application activity, and through device-level location services. We provide clear descriptions of these tools and strong controls so people can turn them on/off, delete them, and delete their history at any time”.
To prevent Google from storing “time-stamped location data” users must disable another feature, called “Application and Web activity”, a configuration that is enabled by default and stores different sorts of information about apps and Google sites of the user.
Once this feature is disabled, it will not only prevent Google from storing location markers, but also prevents the company from storing information generated by search engines and other activities.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.