Delete Google Maps But They'll Still Track You

Uploaded on 2016-09-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Google, it seems, is very, very interested in knowing where you are at all times.

Users have reported battery life issues with the latest Android build, with many pointing the finger at Google Play, Google's app store, and its persistent, almost obsessive need to check where you are.

Amid complaints that Google Play is always switching on GPS, it appears Google has made it impossible to prevent the app store from tracking your whereabouts unless you completely kill off location tracking for all applications.

You can try to deny Google Play access to your handheld's location by opening the Settings app and digging through Google Play Store Permissions, and flipping the switch for "location." But you'll be told you can't just shut out Google Play services: you have to switch off location services for all apps if you want to block the store from knowing your whereabouts. It's all or nothing, which isn't particularly nice.

This is because Google Play services pass on your location to installed apps via an API. The store also sends your whereabouts to Google to process. Google doesn't want you to turn this off.

It also encourages applications to become dependent on Google's closed-source Play services, rather than use the interfaces in the open-source Android, thus ensuring that people continue to run Google Play on their devices.

It's a similar story over at Google Maps. Although it makes far more sense for Maps to have access to your location, the latest build doesn't give you a decent option of turning it off. If you do cut off Maps' access to your location, "basic features of your device may no longer function as intended," the operating system warns.

Needless to say, this is not making some users very happy. Security researcher Mustafa Al-Bassam reported on Twitter that he "almost had a heart attack" when he walked into a McDonald's and was prompted on his phone to download the fast food restaurant's app.

Al-Bassam dug into his phone's apps to figure out how that had happened, and was amazed to find that his suspected culprit, Google Maps, was not responsible. It was Google Play that had monitored his location thousands of times.

Again, this is deliberate: Google is using your location to tout apps to you. If you wander into a pharmacy, you'll be offered software to print your photos, for example.

If you're not keen on this, the options are not great: you can either delete Google Maps and/or Google Play, or you have to repeatedly turn your phone's location services on and off as required throughout the day, which is extremely irritating.

"Kind of defeats the purpose of fine-grained privacy controls," Al-Bassam noted, adding: "Google is encouraging developers to use the Play location API instead of the native Android API, making an open OS dependent on proprietary software."

The Register: 

 

« GCHQ To Create A UK National Firewall
Will NSA & CyberCom Split? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

WIRED

WIRED

WIRED is the magazine about what's next – the people, the trends and the big ideas that will change our lives. Topics covered include cyber security.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

Mission Secure (MSi)

Mission Secure (MSi)

MSi is a specialized provider of next generation cyber defense solutions protecting control systems and critical physical assets in energy, transportation and defense.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

Caveonix

Caveonix

Caveonix’s RiskForesight TM solution is an automated, proactive risk and compliance platform designed for hybrid and multi-cloud.

Blackwall

Blackwall

Blackwall (formerly BotGuard) is a security infrastructure company focused on protecting web ecosystems from automated threats, while optimizing performance for hosting environments.

K2 Cyber Security

K2 Cyber Security

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks.

Phakamo Tech

Phakamo Tech

Phakamo Tech offers a full set of governance, risk, compliance, cybersecurity and Microsoft Cloud services that include consulting, planning, implementation and cyber incident response.

CAPSLOCK

CAPSLOCK

CAPSLOCK delivers career-changing cyber training to help adults re-skill. Learn online to become a cyber security professional and pay no tuition until you land a high-paying job.

SynSaber

SynSaber

SynSaber is a data collection, detection, and visibility solution that forms the foundation of industrial cybersecurity.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

Access Venture Partners

Access Venture Partners

Access Venture Partners are an early stage VC firm investing in bold founders and helping every step of the way. Areas we give special focus to include cybersecurity.

Blue Goat Cyber

Blue Goat Cyber

Blue Goat stands at the forefront of cybersecurity, particularly in medical device security and penetration testing.

Maze

Maze

At Maze, we’re dedicated to changing how security teams understand and act on vulnerabilities — especially in cloud and application environments.