When it comes to tracking the precise location of an Android user’s phone, Google appears to use every means available—including Bluetooth-based location information transmitted to the company when the user might think they have Bluetooth turned off entirely.
A Quartz investigation found that a user can turn Bluetooth off on their smartphone running Google’s Android software, and the phone will continue to use Bluetooth to collect location-related data and transmit that data to Google. It does this by sending Google, among other things, the unique identifier codes of Bluetooth broadcasting devices it encounters. Such devices, known as beacons, are often used in stores, museums, and other public places to help phones ascertain their locations within buildings. Alphabet-owned Google does the tracking in part so advertisers can target “more useful” digital ads to users, but Quartz discovered that the company taps into an array of signals that can yield an individual’s whereabouts even when the user thinks they’ve disabled such tracking.
How it works
Google’s Bluetooth tracking is a confluence of three features: Location History, which activates Google’s location-tracking; Bluetooth; and Bluetooth scanning, an option buried deep in the Android settings menu. When Location History is activated, Android phones try to send a plethora of nuanced information back to Google (we reported on that here), including nearby Bluetooth devices.
A spokesperson for Google confirmed that turning off Location History would stop a phone’s reporting of nearby Bluetooth beacons.
A third option on Android called “Device only” location allows a user to utilize only GPS to determine location, rather than “High accuracy,” which uses GPS, wifi, Bluetooth, and cellular signals. But even when a phone is in Device-only mode, beacon information is sent to Google when Bluetooth is off (though not when scanning is also disabled). If Location is turned off entirely, and then re-enabled, the phone resets to the High accuracy mode, making the setting hard to rely on.
Quartz was able to capture Bluetooth data transmissions on three phones from different manufacturers, running various recent versions of Android. To accomplish this, we created a portable internet-connected wifi network that could eavesdrop and forward all of the transmissions the devices connected to it broadcast and received.1 None of the devices had SIM cards inserted. We walked around urban areas; shopping centers; and into stores, restaurants, and bars. The rig recorded every relevant network request2 made by the Google Pixel 2, Samsung Galaxy S8 and Moto Z Droid, we were carrying.
Understanding Bluetooth beacons
In a world of wireless headphones and hyper-customization, that’s an increasingly difficult proposition.
While the sharing of locations derived from GPS and similar signals may be acceptable to some users of Google Location—its accuracy limited by buildings, trees, and other obstructions—Bluetooth low-energy beacons are used to pinpoint a device to a more specific locale. Museums use them to give guided audio tours, restaurants use them to deliver food to the proper table, airports use them to guide passengers around terminals, and retailers use them to track and advertise to customers in their stores. A beacon does not collect information on nearby devices—like a television station, its signal is a one-way broadcast—but when an Android phone sends Google a unique Bluetooth identifier, the company can not only track you around town, but also into a mall, through a store, and up to a specific rack of clothes.
In its investigation, Quartz browsed a Macy’s in Palo Alto, California, that appeared to contain dozens of Bluetooth beacons, seemingly contained in transparent white domes mounted on the ceilings above racks, escalators, and display cases. In a Bloomingdales in the same shopping center (both stores are owned by Macy’s Inc), only one beacon was detected, above the store’s entry.
No signals were detected in a Nike Store in the same shopping center, but many signals were received while perusing nearby traditional menswear retailer, Jos. A. Bank. The 15,000-square-foot Apple Store (1,400 square-m) one block away was also full of signals from about a dozen different beacons.Bluetooth-beacon information can be collected in such a way that it’s hard to avoid being geographically tracked. Even if a beacon’s location has not been proactively registered into a public database by whomever installed it, all it takes for Google—or any other company—to determine a beacon’s geographic location is a single nearby phone with loose privacy settings. The location of a device with tighter privacy settings can then be determined using the information collected by the first.
Understanding Bluetooth scanning
While turning off Bluetooth is easy enough, “Bluetooth scanning” is buried in a secondary settings menu. Descriptions of its function are unclear, and the option to turn it off doesn’t work as any reasonable person would expect.
Of the three phones tested by Quartz, only one somewhat accurately describes the scanning functionality on the screen where it can be manipulated. The Samsung Galaxy S8 running Android 7.0 notes that Bluetooth scanning will cause the phone to connect to nearby devices “even while Bluetooth is turned off.”
The Pixel 2 running Android 8.1—the latest version of the operating system—and Moto Z Droid running Android 7.1.1, by contrast, only specify that Bluetooth scanning will allow the system to “detect Bluetooth devices at any time,” leaving it unclear if that means any time Bluetooth is enabled, any time the phone is on, or any and all times the phone exists in the world. The messages displayed on all three devices are also the equivalent of digital fine print, utilizing smaller font sizes and lighter colors that make them easy to ignore or dismiss as ancillary.
For an Android user who doesn’t want her phone to connect to her car while someone else is driving it (Bluetooth), but still wants more precise location services (Bluetooth scanning), the counterintuitive “off means off sometimes” setting may be preferred. Conversely, the user who wants his phone to connect to his car but doesn’t want his phone to use Bluetooth to locate him will need to adjust additional settings.
The messages are the equivalent of digital fine print, utilizing smaller font sizes and lighter colors that make them easy to ignore or dismiss as ancillary.
Other Bluetooth settings messages are conditional and buried many menus deep, where most users may not see the warning. There are no fewer than six ways to toggle Bluetooth on newer Android phones, and only one of them—the hardest to get to—displays a message about how Bluetooth scanning is still active when Bluetooth is turned off.
That menu is accessed by continually drilling down to deeper and deeper menus until there are no deeper Bluetooth menus to go to. Toggling from the quick settings, the default Google voice assistant,3 and higher-up settings menus provides no explanation that some Bluetooth functionality remains active when the option is disabled.
Where to find Bluetooth scanning on your phone
Making it harder for a Android user to adjust these settings, the labeling and location in the settings varies from device to device.
On the S8 scanning is located under
Settings >
Connections >
Location >
Improve accuracy
On the Moto Z Droid it’s
Settings >
Location >
[three-dot menu in the top-right corner] >
Scanning
On the Pixel 2 it’s
Settings >
Security & location >
Location >
Scanning
Asking Google Assistant to “turn off Bluetooth scanning” by voice led the Pixel 2 to turn off Bluetooth and leave Bluetooth scanning enabled.4 On other phones the same request returned a web page with instructions. Location History cannot be turned on or off through the voice assistant.
For a person casually setting up a new Android phone—that is to say, someone who agrees to every default prompt during setup—Bluetooth scanning will be enabled on some.
1:
We used software called SSLSplit on a laptop which accessed the internet through an additional mobile phone connected with a USB cable. The laptop was set up to share that phone's internet connection over the computer's wifi. Any device that connected to the password-protected wifi network was subject to what is known as a man-in-the-middle attack.
2:
We captured requests on ports 80, 443, 465, 993, 587, 5222, 5228, and 8443 while allowing requests on other ports to be transmitted without diversion.
3:
Samsung’s Bixby assistant does not suffer from the same issue because it brings a phone user to the Bluetooth-settings page rather than manipulating the setting without leaving the voice assistant interface.
4:
Conversely, Samsung's Bixby assistant is able to turn off Bluetooth scanning from a voice command.
Source: qz.com
No comments:
Post a Comment