Tuesday April 23, 2019
Home Lead Story Experts Say T...

Experts Say That Google Storing Location Data Can Be Easily Abused

According to Jesse Victors, Software Security Consultant at Synopsys, when Google builds a control into Android and then does not honour it, there is a strong potential for abuse.

0
//
Google storing location data has strong potential for abuse: Experts
New bug forces Alphabet to expedite Google+ API shutdown. Pixabay

 A day after reports surfaced that certain Google apps track your whereabouts even when you turn off location data, experts on Tuesday expressed concerns about the practice, stressing that location and identity data can be used for both good and bad.

The Associated Press on Monday ran a story saying an investigation found that many Google services on Android devices and iPhones store users’ location data even if the users explicitly used a privacy setting forbidding that.

Researchers from Princeton University confirmed the findings.

According to Tim Mackey, Technical Evangelist at the US-based tech company Synopsys, it has been widely understood for some time that tech giants like Google use data supplied through the use of their services as part of their efforts to personalize the experience.

google maps
Location History is a Google product that is entirely opt in.Pixabay

“There is a basic saying when it comes to most technology — ‘Just because you can, doesn’t mean you should’. For practical purposes, this supply of personal data has been part of the virtual fees we pay to companies in exchange for ‘free’ access to the services provided,” Mackey told IANS.

“With General Data Protection Regulation (GDPR) in the EU now in effect and regulations like the California Consumer Privacy Act (CCPA) on the horizon, companies collecting personal data need to reassess their use of personal data,” he noted.

In a statement given to IANS, Google said that “Location History is a Google product that is entirely opt in, and users have the controls to edit, delete or turn it off at any time.

“As the (AP) story notes, we make sure Location History users know that when they disable the product, we continue to use location to improve the Google experience when they do things like perform a Google search or use Google for driving directions,” said Google.

just turning off Location History doesn't solve the purpose. In Google Settings, pausing "Web and App Activity" may do the trick.
just turning off Location History doesn’t solve the purpose. In Google Settings, pausing “Web and App Activity” may do the trick.

But just turning off Location History doesn’t solve the purpose. In Google Settings, pausing “Web and App Activity” may do the trick.

However, according to the information on Google’s Activity Control page, “Even when this setting is paused, Google may temporarily use information from recent searches in order to improve the quality of the active search session”.

According to Mackey, since we’re talking about consumer-level services, the expectation of the consumer for an “off switch” is what matters most.

“Users wishing their location be kept private indicate this preference through the ‘Location history’ setting. If vendors placed themselves in the shoes of a consumer and respected the setting, managing consent under regulations like GDPR would be simpler and the user’s expectations would be met,” Mackey emphasised.

Also Read: Microsoft’s Android Launcher Now Lets You Track Your Kid’s Location and App Usage

According to Jesse Victors, Software Security Consultant at Synopsys, when Google builds a control into Android and then does not honour it, there is a strong potential for abuse.

“It is sometimes extremely important to keep one’s location history private. Other times, you may simply wish to opt out of data collection. It’s disingenuous and misleading to have a toggle switch that does not completely work,” Victors said. (IANS)

Next Story

Now The Hackers May Want To Crack Down What You Stream on Netflix

While Netflix contended that carrying out such an attack would not be easy as it requires access to network traffic for analysis, the IIT Madras researchers pointed out that tricking users into connecting to rogue routers or access points is quite possible for hackers.

0
Netflix
"I work on analysis of encrypted network traffic, and when we stumbled upon this Netflix movie Bandersnatch it was something very new," Gargi Mitra, a PhD student at IIT Madras was quoted as saying by the WIRED. Pixabay

Despite Netflix’s move to encrypt all its video streams in order to better protect user privacy, hackers may still get to know what interactive content you watch on the popular streaming service, new research from the Indian Institute of Technology (IIT) Madras suggests.

The researchers said that they can analyse Netflix’s encrypted interactive video traffic to find clues about the viewing habits of users, and which choices they have made in their movie journeys, the WIRED reported on Sunday.

Netflix
Analysing the choices that 100 viewers made, the researchers were able to determine the decisions correctly 96 per cent of the time, the report said Pixabay

The interactive content on Netflix allows users to make choices for the characters and shape the story. Each choice leads to a different adventure, so users can watch again and again, and see a new story each time. Black Mirror: Bandersnatch and You vs. Wild are some of the interactive titles that Netflix has.

“I work on analysis of encrypted network traffic, and when we stumbled upon this Netflix movie Bandersnatch it was something very new,” Gargi Mitra, a PhD student at IIT Madras was quoted as saying by the WIRED.

hacking
The researchers said that they can analyse Netflix’s encrypted interactive video traffic to find clues about the viewing habits of users, and which choices they have made in their movie journeys, the WIRED reported on Sunday. Pixabay

“But when I was looking at the choice-making interactions it turned out that they are similar to other kinds of interactions in web applications and web sites I study. So I tried out some of my techniques and we were able to determine which options the viewer chooses,” Mitra added.

Also Read: Research Reveals, Cancer Patients Are More Likely To Use Marijuana
While Netflix contended that carrying out such an attack would not be easy as it requires access to network traffic for analysis, the IIT Madras researchers pointed out that tricking users into connecting to rogue routers or access points is quite possible for hackers.

Analysing the choices that 100 viewers made, the researchers were able to determine the decisions correctly 96 per cent of the time, the report said. (IANS)