Are you using an Android phone that is less than three years old? If you are, there is a good chance that it may be broadcasting your location history to anyone within Wi-Fi range that wants to listen.
According to the Electronic Frontier Foundation (EEF), they were able to trace the behavior to a feature called Preferred Network Offload (PNO) introduced with the Honeycomb OS. As part of the phone's ongoing search for Wi-Fi connections, PNO periodically blasts out a list of named networks the phone has previously connected to, often while the phone is still in sleep mode.
Users usually turn off the screen or put their phones in sleep mode to extend battery life and reduce mobile data usage, since Wi-Fi uses less power than cellular data. However, for some reason, even though none of the Android phones that EEF tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about.
If the names include specific places, like "Verge HQ network" or "Nilay's Apartment," that list could potentially give away a person's movements and activity.
But if you're worried about the leak, it's easy to fix. Just go to "Advanced Wi-Fi" settings and disable the "Keep Wi-Fi on during sleep" option to stop PNO from checking for networks in sleep mode. (In exchange, you'll see a slight uptick in data and power usage.) EFF has asked Google to address the data leak at an OS level, but it doesn't seem likely.
"Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release," Google said in response.
Devices running iOS 6, 7, or 8 are not affected by the bug, although EFF reported some data leakage in iOS 5 devices. Laptops running OS X or Windows 7 are also potentially affected, but without a similar Sleep Mode protocol, the data leak was projected to be much more limited.
According to the Electronic Frontier Foundation (EEF), they were able to trace the behavior to a feature called Preferred Network Offload (PNO) introduced with the Honeycomb OS. As part of the phone's ongoing search for Wi-Fi connections, PNO periodically blasts out a list of named networks the phone has previously connected to, often while the phone is still in sleep mode.
Users usually turn off the screen or put their phones in sleep mode to extend battery life and reduce mobile data usage, since Wi-Fi uses less power than cellular data. However, for some reason, even though none of the Android phones that EEF tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about.
If the names include specific places, like "Verge HQ network" or "Nilay's Apartment," that list could potentially give away a person's movements and activity.
But if you're worried about the leak, it's easy to fix. Just go to "Advanced Wi-Fi" settings and disable the "Keep Wi-Fi on during sleep" option to stop PNO from checking for networks in sleep mode. (In exchange, you'll see a slight uptick in data and power usage.) EFF has asked Google to address the data leak at an OS level, but it doesn't seem likely.
"Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release," Google said in response.
Devices running iOS 6, 7, or 8 are not affected by the bug, although EFF reported some data leakage in iOS 5 devices. Laptops running OS X or Windows 7 are also potentially affected, but without a similar Sleep Mode protocol, the data leak was projected to be much more limited.
Posts
0 comments
Post a Comment