Skip to main content

Your smartphone battery could be spying on you

It doesn't matter how security-conscious you are, your smartphone battery might still be spying on you and sending personal information out on to the internet.

A vulnerability in HTML5 can be exploited by hackers to identify and track your smartphone as you move around the internet.

As The Independent explains, a piece of software in HTML5 tells websites how much battery your phone has left in what's meant to be a power-saving mechanism for when your device is running low, but this same information could be used to identify your phone without you ever knowing.

Lukasz Olejnik, Gunes Acar, Claude Castelluccia and Claudia Diaz, authors of new research entitled ‘The leaking battery: A privacy analysis of the HTML5 Battery Status API,’ explain: "In short time intervals, Battery Status API can be used to reinstantiate tracking identifiers of users, similar to evercookies. Moreover, battery information can be used in cases where a user can go to great lenghts to clear her evercookies.

"In a corporate setting, where devices share similar characteristics and IP addresses, the battery information can be used to distinguish devices behind a NAT, of traditional tracking mechanisms do not work."

The API was approved by the World Wide Web Consortium (W3C) in 2012 with the reasoning that "the information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants."

The API is currently supported by Firefox, Opera and Chrome, with websites receiving information regarding the percentage of battery capacity remaining and the number of seconds before the battery will run out of juice completely.

These two numbers are then put together to create a sort of ID number for around 30 seconds until the numbers update themselves.