Google Android smartphones and tablets have a major privacy flaw that broadcasts private location data over Wi-Fi even when the connectivity is switched off and it will take some time for Google to fix the error.
Research by the Electronic Frontier Foundation [EFF] found that devices produced in the past three years transmit location history to anyone within Wi-Fi range whilst the screen is off and the device isn’t connected to a Wi-Fi network.
The leaked data comes in the form of the names of wireless networks that the phone or tablet has previously connected to including homes, workplaces, travel destinations and anywhere else that wireless Internet via Wi-Fi has been accessed, and includes up to 15 stored network names.
"This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi," EFF’s Peter Eckersley and Jeremy Gillula explained in a blog post. "Normally eavesdroppers would need to spend some effort extracting this sort of information from the latitude/longitude history typically discussed in location privacy analysis. But even when networks seem less identifiable, there are ways to look them up."
Google is aware of the issue and an employee has already submitted a patch to wpa_supplicant that fixes the issue and explained that it is working out whether it needs to make changes to Android to make it more secure.
"We take the security of our users' location data very seriously and we're always happy to be made aware of potential issues ahead of time. Since changes to this behaviour would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release,” read a statement from the company.
In the mean time, which could take a while, the EFF has advised Android device owners to turn off the “Keep Wi-Fi on during sleep” mode even though it leads to an increase in both data usage and power consumption.