The Electronic Frontier Foundation discovered that the majority of Android devices were leaking Wi-Fi connection history data to anyone within range.
This location history contains the names of Wi-Fi networks that the device has been connected to in the past. While it may contain cryptic names, it may also contain names such as "Home", "London Heathrow Airport" or "Tom's Mancave" that can be easily identified location-wise.
The feature that makes this possible was introduced in Android 3.1 Honeycomb. It is called Preferred Network Offload (PNO) and its purpose is to allow Android phones and tablets "to establish and maintain Wi-Fi connections even when they're in low-power mode" to extend battery life and reduce mobile data usage.
Not all devices leak SSID information though. Apple's iPhone, Amazon's Kindle Paperwhite, the HTC One Mini or the Samsung Galaxy S4 don't leak the information, while Google's Nexus 4 and 5, the HTC One or the Samsung Galaxy Nexus do.
What you can do about it
There is unfortunately not a lot that you can do about it. Google has created a fix for the issue according to the EFF but it will take a while before it lands on user devices.
There are however some options in regards to Wi-Fi settings on Android devices that lock down the phone at least partially.
Note: The device used to demonstrate this is a Moto G running Android 4.4.2. Menus, names and options may differ depending on the version of Android and the manufacturer of it.
The Wi-Fi Settings
Tap on Settings and then on Wi-Fi in the settings menu. Here you find a list of all wireless access points in the vicinity, and whether your phone is connected to a wireless network at that time.
Locate the settings icon in the lower right corner of the screen, tap on it, and select advanced from the context menu that opens up.
Here you find several interesting options in regards to privacy:
- Keep Wi-Fi on during sleep - The EFF recommends to turn this feature off which will block the history leaking on some -- but not all -- Android devices. It did not work on a Motorola Droid 4 for example as the EFF points out.
- Scanning always available - If turned on, which it is by default, it allows Google's location service and other apps that make use of the feature to scan for networks, even if Wi-Fi is turned off.
Modifying the settings may block the information from being transmitted on some phones but not on all. You may want to consider disabling Wi-Fi whenever it is not in use. While you can do so manually each time, using apps such as Screen Off Wifi Off assist you in this by doing so automatically.