Android stores your location data too

[alexalex]

Android users, don't feel left out.

You may have heard about the way that the iPhone is tracking your every move. Well, it turns out that Android phones do this as well, and likely for the same reasons.

Developer Magnus Eriksson has created what he calls an Android location service data dumper. This is an app that searches Android phones for a location data file similar to the one iPhones use to store location data.

Following the latest days internet outrage/overreaction to the revelation that iPhone has a cache for its location service, I decided to have look what my Android devices caches for the same function.

This is a quick dumper I threw together to parse the files from the Android location provider.

The file contains what he refers to as ?coarse? location data. That is to say data obtained by cellphone tower location and not a more accurate GPS data location.

Here is a sample set of data from the cache.cell file that records cellular locations in the Android file system. You can see that it contains a set of entries that record a latitude and longitude as well as a time stamp.

$ ./parse.py cache.cell

db version: 1

total: 41

key accuracy conf. latitude longitude time

240:5:15:983885 1186 75 57.704031 11.910801 04/11/11 20:03:14 +0200

240:5:15:983882 883 75 57.706322 11.911692 04/13/11 01:41:29 +0200

240:5:75:4915956 678 75 57.700175 11.976824 04/13/11 11:52:16 +0200

240:5:75:4915953 678 75 57.700064 11.976629 04/13/11 11:53:09 +0200

240:7:61954:58929 1406 75 57.710205 11.921849 04/15/11 19:46:31 +0200

240:7:15:58929 -1 0 0.000000 0.000000 04/15/11 19:46:32 +0200

240:5:75:4915832 831 75 57.690024 11.998419 04/15/11 16:13:53 +0200......

http://thenextweb.com/google/2011/04/21/its-not-just-the-iphone-android-stores-your-location-data-too/

[Phouchg]

And people used to call me an idiot when I was like "Google is spying on us for (advertising) profit, all this stuff ain't no free beer from the sky".

Can I now print this article on all pages that are in my printer tray, open a fresh bag of Data Copy and print that all out, too. And then crumple it all and stuff them up into their mouths for calling me paranoid.

I ain't no psycho, just FYI. The inner voice just tells me to do it.

[remixedcat]

and windows phone 7?????

[Jebadiah]

and windows phone 7?????

In the registry. LOL!

[jakem1]

and windows phone 7?????

Microsoft have said that they only store your last known location if you opt in to their find my phone service. I believe this information is polled at regular intervals rather than constantly.

[Stetson]

And people used to call me an idiot when I was like "Google is spying on us for (advertising) profit, all this stuff ain't no free beer from the sky".

Can I now print this article on all pages that are in my printer tray, open a fresh bag of Data Copy and print that all out, too. And then crumple it all and stuff them up into their mouths for calling me paranoid.

I ain't no psycho, just FYI. The inner voice just tells me to do it.

You do realize that both this and the Apple location storage only have to do with local caching on the device, right? Neither Apple nor Google are getting this information from devices.

I'm not sure exactly how the location services work on Android, but on iOS the reason that this is cached is to improve performance of finding your rough location in an area you've been in before. It keeps the information about cell towers and their locations cached so it doesn't have to use up your network connection asking for the same reference data over and over.

[Phouchg]

They might as well cache my emails and tweets after I delete them for improving performance. Utter BS. For example, I don't use location service (unchecked both options at setup) and GPS is rarely on. It collects the damn data anyway. That's how it works.

But ok, let's be straight. I might even agree that caching improves accuracy. The point is - pretty much all fanbois before this discovery would throw stones at me if I told them "Your iPhone stores all your location data". They'd be like - "Mah gawd, you're sick, paranoid, why would they do that?". Now they are all like "But it's totally ok, it's a feature, it's for good reasons".

And don't you tell me that the vendor cannot get that data. iOS is closed-source. No one except the Jobsian empire minions know what's it doing under the hood.

Even Android being quasi-open-source has not been scrutinised enough to find the code that collects this data.

Now now... let's remember iPhone "killswitch". Let's remember Android "killswitch". Let's remember Kindle "killswitch" that has even been pulled already once.

Also, on a rooted device any program can hijack this data. Yes, it will ask for Superuser permission before but I will confirm because it is supposed to be some font changer or something.

Don't know about jailbroken devices, might be pretty much the same thing.

And don't you tell me that I shall not root my device. I have bought the device with my own damn money, including a licensed copy of OS (where applicable) that makes it working.

I repeat: I bought the thing with my damn money. My car doesn't drive me to nearest mart forcing to buy dog food and leave twenty for the beggar without my knowledge. I fear that soon it very well might.

Probably this data collection is buried under ambiguous wording somewhere in EULA, so my outcry is about the general tendency rather than about the this very fact.

All undisclosed actions are to be untrusted. Don't Be Evil.

Oh wait...

If you got something to hide, you probably shouldn't be doing it in the first place.

- Eric Schmidt, American philosopher (1955 A.D. - )

On the other hand, of those who still see the world through their rosy glasses:

So this is how liberty dies... with thunderous applause.

- Padme Amidala; Star Wars Episode III: Revenge of the Sith

[alexalex]

Anyone is using My Verizon app where you are granting access to your SMS messages, the ability to make phone calls without your knowledge or intervention, and the ability to intercept outgoing calls. ?

https://market.android.com/details?id=com.vzw.hss.myverizon&feature=search_result

DIRECTLY CALL PHONE NUMBERS

Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.

RECEIVE SMS

Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.

READ PHONE STATE AND IDENTITY

Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.

INTERCEPT OUTGOING CALLS

Allows application to process outgoing calls and change the number to be dialed. Malicious applications may monitor, redirect, or prevent outgoing calls.

[Anibal P]

They might as well cache my emails and tweets after I delete them for improving performance. Utter BS. For example, I don't use location service (unchecked both options at setup) and GPS is rarely on. It collects the damn data anyway. That's how it works.

But ok, let's be straight. I might even agree that caching improves accuracy. The point is - pretty much all fanbois before this discovery would throw stones at me if I told them "Your iPhone stores all your location data". They'd be like - "Mah gawd, you're sick, paranoid, why would they do that?". Now they are all like "But it's totally ok, it's a feature, it's for good reasons".

And don't you tell me that the vendor cannot get that data. iOS is closed-source. No one except the Jobsian empire minions know what's it doing under the hood.

Even Android being quasi-open-source has not been scrutinised enough to find the code that collects this data.

Now now... let's remember iPhone "killswitch". Let's remember Android "killswitch". Let's remember Kindle "killswitch" that has even been pulled already once.

Also, on a rooted device any program can hijack this data. Yes, it will ask for Superuser permission before but I will confirm because it is supposed to be some font changer or something.

Don't know about jailbroken devices, might be pretty much the same thing.

And don't you tell me that I shall not root my device. I have bought the device with my own damn money, including a licensed copy of OS (where applicable) that makes it working.

I repeat: I bought the thing with my damn money. My car doesn't drive me to nearest mart forcing to buy dog food and leave twenty for the beggar without my knowledge. I fear that soon it very well might.

Probably this data collection is buried under ambiguous wording somewhere in EULA, so my outcry is about the general tendency rather than about the this very fact.

All undisclosed actions are to be untrusted. Don't Be Evil.

Oh wait...

If you got something to hide, you probably shouldn't be doing it in the first place.

- Eric Schmidt, American philosopher (1955 A.D. - )

On the other hand, of those who still see the world through their rosy glasses:

So this is how liberty dies... with thunderous applause.

- Padme Amidala; Star Wars Episode III: Revenge of the Sith

Take off the tin foil hat, what you said is 100% not true, if you disable Location Services the file is left completely blank, also for the paranoid like you, disabling and reenabling Location services recreates the file every time, AND since it's just a cache not a log only your phone has access to the file

[Phouchg]

No, I still happen to have 58 byte cache.cell with some numbers in it. Likely, current cell I'm connected to. Still, why?

Also - no, I already wrote that an app with root privileges can read everything. Rooting can be done using an exploit, perhaps even without notifying user, thus providing an attack vector to malware.

Also, my brainwash blocking hat is made of Basotect, covered with a layer of thin film capacitors.

[Hollow.Droid]

No, I still happen to have 58 byte cache.cell with some numbers in it. Likely, current cell I'm connected to. Still, why?

Also - no, I already wrote that an app with root privileges can read everything. Rooting can be done using an exploit, perhaps even without notifying user, thus providing an attack vector to malware.

Also, my brainwash blocking hat is made of Basotect, covered with a layer of thin film capacitors.

So let me get this correct. You've encountered an app which not only roots a particular device but saves this 'Sensitive' data for nefarious means? If so, please share, as it takes a lot more than a one click installer to root most phones and even then I doubt someone would go to the effort of using a current exploit on a specific device to act as a rooting app while downloading this useless information. Also it sounds like you're describing an app which roots the phone secretly then opens your phone up to a host of malware. Exactly what does this have to do with the current topic? Regardless of whether or not you've rooted your device, it sounds like you're lacking in a basic understanding of the rooting process. Unless you're a moron who downloads random .apks which promise root you'll either use an app from the market which roots a device or follow a guide on xda/similar websites. The code and app at work are under scrutiny from numerous devs/users and I'm yet to hear of any app which roots and then steals data.

Read the following editorial, you'll clearly see that the option to store this information is highlighted in the initial setup and even if the information is compromised it provides zero useful information. What could you possibly hope to use cell tower and wifi statistics for? It sounds like your brainwash blocking hat isn't very effective.

[bjoswald]

Who cares unless you're running from the police? Cell phone tracking isn't always a bad thing. For example, my car broke down recently in a part of town I don't usually travel through.

When I called for roadside assistance, they used the tracking from my phone to find me, and I was out of there in a half hour. I know GPS/geo-location isn't exactly the same, but

there's always an underground army of tin foil hat conspiracy theorists waiting for the next controversial feature to be unlocked.

Unless you're hiding something, live with it and stop wasting energy worrying about it.

[alexalex]

So let me get this correct. You've encountered an app which not only roots a particular device but saves this 'Sensitive' data for nefarious means? If so, please share, as it takes a lot more than a one click installer to root most phones...

You don't have to click even once, just let Google remotely root your device to "clean" some malware :-)

[Hollow.Droid]

You don't have to click even once, just let Google remotely root your device to "clean" some malware :-)

You sir, fail. I'll not even discuss Google remotely rooting your device because rooting your device and using a kill switch to remove rogue apps are completely different. I'm also still baffled as to how the data collected by either Android or iOS can be of any use to anyone other than Google or Apple. Unless I was a spy I see no reason for caring about this.

[Jebadiah]

Who cares unless you're running from the police? Cell phone tracking isn't always a bad thing. For example, my car broke down recently in a part of town I don't usually travel through.

When I called for roadside assistance, they used the tracking from my phone to find me, and I was out of there in a half hour. I know GPS/geo-location isn't exactly the same, but

there's always an underground army of tin foil hat conspiracy theorists waiting for the next controversial feature to be unlocked.

Unless you're hiding something, live with it and stop wasting energy worrying about it.

You're missing the point. For the application you mentioned in your post, all you need is the current location of your phone. Why in ****ing hell does Google or Apple need to store an entire history of places you went to?

Start posting your address, bank account numbers, photos, location of family members, credit card numbers, etc. Mr. I have nothing to hide. Oh wait... you won't post it because I'm not Google or Apple, your best buddies.

[techbeck]

You all do realize that Android users have the option to OPT OUT when they first setup their phones. They also can easily turn it off. Google did not do this without letting their users know about it. So yea, they store **** but not without your knowledge

[Jebadiah]

You all do realize that Android users have the option to OPT OUT when they first setup their phones. They also can easily turn it off. Google did not do this without letting their users know about it. So yea, they store **** but not without your knowledge

Let's say I change my mind and I want Location services just for 1 minute because I want to see which restaurants are near me. Does the tracking turn on *forever* at that time? Who in the ****ing hell is Google to decide that? Where is this scenario defined?

Does it make it okay for Google to track me using the device throughout the lifetime of the device? This should be illegal by law.

Why does Google need a full history of where I have been? This should again be illegal by law.

Apps like "Find my phone" only need the current location. Any app that needs more than that should EXPLICITLY ask the user at the time of use that it requires more info - this is the expected user experience for sensitive data such as your location, your data, your address, your credit card number, your social security number, etc. There is ABSOLUTELY ZERO need to store a full history of where a user has been on the device. If you don't get that, you're contributing to the bull **** that Google and Apple are spreading.

[nubs]

You're missing the point. For the application you mentioned in your post, all you need is the current location of your phone. Why in ****ing hell does Google or Apple need to store an entire history of places you went to?

Start posting your address, bank account numbers, photos, location of family members, credit card numbers, etc. Mr. I have nothing to hide. Oh wait... you won't post it because I'm not Google or Apple, your best buddies.

Can anyone actually say they were surprised by this? All of the location services prompt you before they begin to store the information. If you opt out, Android does not store your location information. If you are one of those people who don't read before you hit OK, then you are at fault.