LWN: Comments on "Android phones keep location cache, too, but it's harder to access (ars technica)"

Android phones keep location cache, too, but it's harder to access (ars technica)

Baylink — Fri, 29 Apr 2011 01:23:06 +0000

Well, good that I reflexively declined that offer, based partly on *their not telling me what the $%*^ it actually meant*.

Surprising?

nlucas — Thu, 28 Apr 2011 11:44:15 +0000

Doing something because others do it is not an argument.

There is a big difference between anyone with access to your phone to also have access to location information and some company who you make business with have access to information you had to share with them.

An application you download from the internet should not *EVER* have access to this information, unless enough BIG RED BUTTONS have been clicked and the phone is on a special mode only hackers know.

There should be a way to easily clear this cache, like the "recent files" list on a desktop. It's important private information and needs to be handled like that.

The "we are all in a big brother world" argument is ridiculous. There are (at least) some of us who don't have a facebook account, or even a blog, because they don't buy into the "world is a stage" and "everyone want's their 15 minutes of fame" philosophy.

Yeah, I know just by commenting on a public forum I'm giving away some of my private life into the internet, but there is a line for everyone.

Android phones keep location cache, too, but it's harder to access (ars technica)

Hausvib6 — Tue, 26 Apr 2011 03:32:35 +0000

I see, so this is just a sensasional news jumping on the privacy-scare bandwagon started by iPhone location database.

Android phones keep location cache, too, but it's harder to access (ars technica)

Kamilion — Mon, 25 Apr 2011 18:27:05 +0000

Samy is my hero.

Android phones keep location cache, too, but it's harder to access (ars technica)

martinfick — Mon, 25 Apr 2011 16:29:39 +0000

> You opt-in to google's location services and it's turned on.

And surprisingly, there is even a big scary warning when you do so!

Android phones keep location cache, too, but it's harder to access (ars technica)

zsouthboy — Mon, 25 Apr 2011 15:50:08 +0000

This isn't going behind the user's back. It hasn't slipped through the source code to be enabled and reenabled with the compiler.

You opt-in to google's location services and it's turned on.

Surprising?

drag — Mon, 25 Apr 2011 12:48:47 +0000

If you want the truth it's helps to realize that phone companies track and record your movement anyways. If they don't sell that information it's only because nobody cares enough to pay for it.

Oh and your credit card (aka every major bank) collects and sells information about your purchasing habits. All personally identifiable, of course. Oh and mortgage applications are a big source of accurate information that is heavily traded.

Not to mention that your government collects information from your tax documentation, licensing applications, and other documentation your forced by law to fill out and sells that, too.

On top of that the government works closely with data collection corporations to ensure data accuracy.

Compared to all that Google is almost trivial.

Android phones keep location cache, too, but it's harder to access (ars technica)

webmastir — Mon, 25 Apr 2011 11:58:53 +0000

ahhh, ty for this

Surprising?

tialaramex — Mon, 25 Apr 2011 09:51:02 +0000

No, when they speak about endpoints they mean for Google's route planner.

Assuming you don't have some type of serious amnesia problem it's unlikely that you use Google's route planner to travel to and from work every day.

The geolocation data used to match WiFi hotspots, GPS locations and phone masts together doesn't have "endpoints" it's just a sea of possible correlations. If you find this to be a type of unbearable snooping, well, you can turn it off, but I'm afraid the rest of your life will be fairly miserable because tracking is inevitably going to become more and more pervasive over time.

In the larger picture we have a choice, much as societies have faced before. We can embrace the change and learn how to all live in the glass house, or we can fight tooth and nail and lose anyway. Sadly past experience suggests we'll probably choose to fight tooth and nail. Much better in most people's eyes to desperately try to lock the truth away than to face all the lies we tell ourselves and each other.

Android phones keep location cache, too, but it's harder to access (ars technica)

Hausvib6 — Mon, 25 Apr 2011 00:59:10 +0000

I thought since Android is FLOSS, pulling something like this will be lots more difficult since there are lots of eyes doing verification of the source code. Then I remember something about trust, http://cm.bell-labs.com/who/ken/trust.html.

Surprising?

gmatht — Sun, 24 Apr 2011 16:08:42 +0000

Revealing that a device arrives at my work at 9am and arrives at my home at 6pm regularly is more of a worry to me than revealing my IMEI. According to the article they delete endpoints, which I guess means that it isn't obviously trivial to get that data, but still not surprising to me if it can be reconstructed.

Android phones keep location cache, too, but it's harder to access (ars technica)

tetromino — Sat, 23 Apr 2011 17:22:55 +0000

According to Ars Technica, the data does contain a unique identifier, but that identifier is randomly generated, and is not derived from the phone's hardware IDs. In addition, data collection is opt-in: when you first associate your phone with your Google account, you are presented with a dialog giving you a choice whether or not to allow Google to collect location information.

Google spokesperson Randall Sarafa contacted Ars to clarify that its data collection practices are opt-in, as is Apple's. "All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices," he told Ars.

Furthermore, he explained that the unique identifier number is random, not hashed from the unique IMEI or MEID number associated with all mobile devices. Google's servers use the number to correlate data from a single device to analyze patterns. "Any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user," Sarafa said. However, as researchers have shown numerous times in the past, "anonymized" data can often be analyzed and correlated with a single person with surprising accuracy.

Android phones keep location cache, too, but it's harder to access (ars technica)

Lennie — Sat, 23 Apr 2011 13:12:34 +0000

Supposedly the evercookie developer found evidence about Android sending it to Google ?:

http://online.wsj.com/article/SB1000142405274870398370457...

Here is the excerpt:

Google previously has said that the Wi-Fi data it collects is anonymous and that it deletes the start and end points of every trip that it uses in its traffic maps. However, the data, provided to the Journal exclusively by Mr. Kamkar, contained a unique identifier tied to an individual's phone.

Mr. Kamkar, 25 years old, has a controversial past. In 2005, when he was 19, he created a computer worm that caused MySpace to crash. He pled guilty to a felony charge of computer hacking in Los Angeles Superior Court, and agreed to not use a computer for three years. Since 2008, he has been doing independent computer security research and consulting. Last year, he developed the "evercookie"a type of tracking file that is difficult to be removed from computersas a way to highlight the privacy vulnerabilities in Web-browsing software.

The Journal hired an independent consultant, Ashkan Soltani, to review Mr. Kamkar's findings regarding the Android device and its use of location data. Mr. Soltani confirmed Mr. Kamkar's conclusions.

Transmission of location data raises questions about who has access to what could be sensitive information about location and movement of a phone user.

Android phones keep location cache, too, but it's harder to access (ars technica)

Trelane — Sat, 23 Apr 2011 03:39:23 +0000

And you can put alternate firmware on a (non-jailed, not just jailbroken) phone.

Android phones keep location cache, too, but it's harder to access (ars technica)

simosx — Sat, 23 Apr 2011 00:04:30 +0000

At least for Android it is not on by default. You need to opt-in if you want the functionality.

According to https://github.com/packetlss/android-locdump
the files (if you opted-in) can be found at /data/data/com.google.android.location/files on your rooted Android phone.