Is your smartphone leaking your digital footprint without your knowledge?

By Shreyas Bhargave, Senior Technology Consultant, IGATE

Consumerization of smartphones has brought quite a few power-packed functions into the hands of the public – Camera, Bluetooth and Internet along with a bunch of sensors. In no time, consumers also got used to using the phone as a navigation device, thanks to the GPS sensor in it. This resulted in easy availability of location data which in turn prompted the creation of a deluge of location-based services. Further, with Wi-Fi becoming the norm of hooking onto the Internet with wireless routers and access points at homes, offices and public places, pervasive connectivity has come within everyone’s reach. As an outcome of this, it has become a second nature to keep these services running on our smartphones.

Let’s take the example of an Android smartphone and look at some of the generally overlooked features

Scanning Wi-Fi hotspots even with Wi-Fi turned off

The Wi-Fi settings menu has a ‘Scanning always available’ option that is buried under the Advanced Wi-Fi option. As described, it enables Wi-Fi scanning by Google’s location service as well as other installed apps even when you have turned off the Wi-Fi radio.

WiFi Scanning

With this, location data gets collected by detecting the multitude of Wi-Fi access points within close proximity. And, this happens in the background even as you keep performing your routine activities, blissfully unaware of being virtually tracked. This Wi-Fi scanning is a low battery-intensive mechanism to locate a device accurately as compared to simply using the mobile network towers. When multiple Wi-Fi hotspots get discovered in a close proximal range, the location information can be further corroborated using trilateration based on the signal strengths.

Fine tuning the Location Mode to gather additional data
Another option that is activated when you turn on the smartphone GPS sensor is the Location Mode. In the High Accuracy mode that is selected by default, the device keeps gathering location data from nearby Wi-Fi access points (besides GPS and mobile networks) as you move from one place to the other and communicates the same to the Google servers. (And, you wondered about your mysterious data consumption!) This is exactly how a few years ago the Google Street View car was mapping location data in the US along with the Wi-Fi access points detected in the neighbourhood. Though Google maintains that the location data is getting collected anonymously, i.e. without knowing the user’s identity, with a Google account present on every device, the guarantee of anonymity can be anybody’s guess.

Your Location History gets logged and stored
One more feature that Android users must be aware of is the Google Location History – a seemingly innocuous and often unnoticed feature. It uses the Wi-Fi and cellular signals to accurately determine the location even when Wi-Fi is turned off and apps are not running. And, the service keeps sending the collected data to Google servers.

The Location History when turned on, records the user’s movement over a period and the gathered data is tied to the Google account on the device. Astonishingly enough, this user and location mapping data is obtained not only from that one device, but from all the devices registered on that Google account. The detailed travel movements along with the dates and times are captured and can be revisited at a later point in time by accessing the location history for that user. The image below shows how Google has recorded the locations visited by a particular user and at what times during the said period. All this for the anonymous collection of your private data!

Location history

Unlike GPS, the Wi-Fi hotspots do not inherently have their location coordinates. However, their location is reverse-geocoded through a crowdsourcing approach. When numerous smartphones pick up a Wi-Fi signal from a nearby access point, its location gets estimated from the locations of the smartphones. Over a period of time and the volume of data accumulated, the approximation becomes very close to accurate.

Opted-in by default, you got to choose to opt out
Further, the irony is that most of these data gathering functions are configured to be the least restrictive and user consent is usually considered implicitly. In fact, one has to explicitly turn off the option to not share the location data. Some judicious users would be diligent in turning the GPS, Bluetooth and Wi-Fi functions on and off as needed. If it was not for the battery woes though, a majority of us would have kept these functions running all the time. However, there would still be scores out there who do not realize the implications of continually using the GPS or Wi-Fi on their smartphones.

By the way, Google is the not only one who does this. Apple and Microsoft also use similar services for their devices. Besides, a large number of apps downloaded from the app stores may also be capturing your location data in the background using the means mentioned above. Take a closer look at the permissions and you will realize this – apps requiring permissions related to reading Wi-Fi data and identity. Therefore, it is imperative to be aware of the apps you install and their permissions. A periodic housekeeping to delete the apps not in use is also a recommended exercise.

So, what does it all mean for end-users like us?

At the outset it seems we are utilizing these features for our own needs and fancies, however a lot is happening concurrently in the background. Without doubt the features and services based on them will continue to be in vogue and their usage will only expand. One has to though realize that significant amount of data regarding our location, movement and Internet usage habits is getting recorded and collected by the Googles and Apples of the world. Our contribution – the implicit or explicit consent to share the data – is like oxygen for them.

At a minimum, we must be mindful of how, when and whether we really should contribute to them. Just like the ‘data discharge’ produced due to our social network postings, online profiles and Internet usage builds a pool of static information about oneself, the mobile sensors reveal our near-real-time whereabouts. The ubiquitous collection of this data opens up a Pandora’s Box of privacy and security, which has gathered a great significance in the modern times.

In fact, the troika of Privacy, Anonymity and Security forms one of the major areas of concerns in a hyper-connected world. Privacy is the about controlling personal information from public attention, whereas Anonymity is hiding the real identity or the state of being unknown to the public. And, Security reflects protecting oneself from any risks or danger.

Though they are invariably used interchangeably, it is important to understand that each of them is distinct and exclusive. The Venn diagram below depicts that each aspect has overlapping boundaries with the other two. In the real world, while we may want be in any single zone at a time, more often than not we would end up being in one of the overlapping zones marked as A, B and C.

Venn Diagram

That is, we essentially would tend to barter or trade-off one of the three constraints to derive some valuable experience from the other two. At times, we may choose to act in a private and anonymous manner (e.g. direct messaging using a masked identity), in a private and secure manner (e.g. secure online banking from a personal computer) or exhibit an anonymous demeanor albeit in a secure fashion (e.g. responding incognito to a corporate survey). These are random examples only to get you thinking. And of course, as social netizens, we would rather not be well-off in the central zone that symbolizes a cyber-outcast.

Talking about smartphones is just a case in point. Actually, it’s just the tip of the iceberg. As the world gets smarter and the paradigm of Internet of Things metamorphoses into reality, imagine the criticality of your data and its proper use or misuse.

If each of us collectively starts to act and use the options at hand thoughtfully, we will be able to better manage our digital footprints and as a result, our sacrosanct privacy. As much as we are in the physical world, it’s time to be equally cognizant about each of these aspects of privacy, anonymity and security even in the cyberspace.

And, what’s better than taking baby steps from our round-the-clock buddies – our smartphones? Stay alert and stay safe!

 

Shreyas Bhargave IGATEThe author, Shreyas Bhargave (Senior Technology Consultant, IGATE) has over 16 years of diverse experience in IT industry and currently working as a lead in the Technology CoE of Research & Innovation. He currently focuses on exploring emerging technologies such as Internet of Things, Augmented Reality, Speech Recognition, etc. and their adoption in businesses and software service companies.

Leave a Reply

Your email address will not be published. Required fields are marked *