Google's Location History tracking is creepier than thought
Research by online magazine Quartz suggests that Android's Location History feature tracks more data than initially thought.
Location History "helps you get better results and recommendations on Google products" according to Google. It may be used to locate a missing phone, get traffic predictions, or recommendations based on places you have visited in the past.
It is an opt-in feature of Android devices that Google integrated into apps like Google Maps, Google Photos, Google Assistant or Google App.
While many Android users are probably aware that enabling the Location History on the device provides Google with location-based data, most probably don't know what Google collects in detail.
Particularly worrying, so the researchers is the fact that every Google app may access Location History data and not only the app the user permits to collect the data.
The analysis
Quartz analyzed three Android devices from different manufacturers, the Google Pixel 2, the Samsung Galaxy S8 and the Moto Z Droid. The researchers created a portable Internet-connected WiFi network designed to pick up any "all of the transmissions that the devices connected to it broadcast and received."
The researchers removed the Sim cards and started to walk around with the devices to get a good sampling of the data that is recorded by the Location History feature.
The following information is transmitted to Google servers at regular intervals if Location History is enabled according to the analysis of the Quartz researchers:
- The type of movement, e.g., walking, biking or driving.
- The barometric pressure.
- Whether the device is connected to a wireless network.
- The MAC address of the connected WiFi network.
- The MAC access, signal strength, and frequency of all nearby wireless access points.
- The MAC address, identifier, type, and two measures of signal strength of every nearby Bluetooth beacon.
- The charge level of the battery and charge status.
- Battery voltage
- GPS coordinates of the device and accuracy information.
- GPS elevation and accuracy.
If Bluetooth is enabled, devices with Location History will pick up other Bluetooth enabled devices and submit the information to Google. This means that even if you have Location History disabled on your device or don't use Android, Google may receive information about your whereabouts.
Use this Google support page to manage or delete the location history, and to turn off the location history on the device.
Now You: Do you have location history turned on or off on your device?
Related articles
- All you need to know about Google's Account History feature
- Delete Location Information History On Twitter
- How to remove your search history on Facebook
- Your browsing history may have been sold already
- WifiHistoryView lists all wireless connections your PC made
Through root, a system level firewall (VPN firewalls cannot block ALL types of traffic), cellular/ Wifi data goes through a private DNS server, the analytics/ data grabbing scripts are removed from all installed apps and Google Play Services, zero Google apps (Except Maps), Bluetooth is fully disabled from system level, Location is used (Maps) when needed, then both are turned off/ disabled, auto updates/ sync are off (I sync manually), I don’t trust the ‘Cloud’, nor would I ever make financial transactions on a cell phone. Nothing gets in or out without my say-so.
Google gets roughly 60 kb of data per day (24 hrs) from me despite the fact Google Play Services tries to access data 1,500+ times per day (Firewall log). My device is fully functional, minus the spying parts.
The side effect of my device(s) not being two-way radios 24/7 is the battery never dies. Go figure.
Without root, it’s Googles/ Manufacturers’ device I paid $800+ tax for.
With root, it’s my device I paid $800+ tax for. I enjoy the full Android experience without the bs.
For those with nothing to hide, cheers! For those who know better, we can hide behind those who willingly share their 2+ gigabytes of personal data per week with strangers they trust.
I can see why Android needs this info. If you don’t like it, don’t use tech.
Brilliant comment! Practical, useful, realistic–not at all extreme or overly-simplistic. Thanks!
How on earth do people expect location services to work correctly if you cannot be located.
This paranoia is getting way out of hand.
It makes no sense to create hysteria with no grounds to do so.
Any form of innovation which comes out of google is met with a barrage of suspicious tinfoil hat criticisms of alledged spying etc.
Its getting absurd to be honest.
wageawar said: “Appears the “I have nothing to hide†coalition has arrived.â€
+1 Love it
The insane, exaggerated rhetoric and disingenuous claims are getting way out of hand.
“How on earth!†“Paranoia!†“Hysteria!†“No grounds!†“Barrage!†“Suspicion!†“Tinfoil hat!†“Spying!†“Absurd!â€
The only thing sounding hysterical and absurd on this page is your post.
No one “expects location services to work…if you cannot be located.†No one said that–stop making false and ridiculous claims. No one is trying to “create hysteriaâ€â€“stop making false and ridiculous claims. Stop with the ridiculous exaggerations–paranoia is a mental illness based on delusions–Google collecting, storing, and sharing/selling hundreds of millions of peoples’ data is real, not delusion. People who prefer not to give it all away or take it as you obviously do are merely different from you/wiser than you, not “paranoids†or “hysterics.â€
People have the right to be as suspicious as they want about anything, especially the motives and practices of CORPORATIONS, which exist only to make financial profits, not to protect everyday consumers’ privacy. In fact, in the case of a data-harvester such as Google, the two are diametrically opposed and mutually exclusive–people ARE the product, and the vast overwhelming majority of them are most often not fully aware of it because it is done to them in a very sneaky way. You like it? Good for you. But don’t insult everyone else who’s not identical to you as being mentally ill hysterics. That’s the only “absurdity†that’s “getting out of hand,†“to be honest.â€
Appears the “I have nothing to hide” coalition has arrived.
Agreed. +1.
At my age Google location history helps me remember where I’ve been. I don’t understand all this paranoia, you can learn more from somebody by putting their recycling into the back of your car on collection day and go through it later. It tells you which supermarkets you been to it tells you what pills you’ve thrown away etc etc etc. It would make a good television program.
Like most things Google, they are better TURNED OFF
Any Android older than android 51 doesn’t need
Google to function, so if you root and delete
all the googler nonsense you’re good to go.
Some phones even have a stock android browser.
…and what information is transmitted to Google servers at regular intervals if Location History is DISabled?
Is it really “opt-in” though? You get bothered by that damned pop up every single time you open google maps.
I kept declining it for months until I slipped up and clicked yes, then I had to hunt it down in the settings to disable it again.
How many users do you think do that? Most keep it enabled.
The barometric pressure is used to track you through subway systems, as you don’t get a GPS signal down there, but the geometry of each subway station is unique, so they have collected barometric profiles to track you even under ground.
I read those articles (there are two) a week or so ago, they’re interesting, especially how deeply you have to go into menus to find all the settings and the double negative/double positive menu language that leaves you wondering if you’ve turned location off or on.
Location is off on all our phones. Chrome was disabled on all our phones, ff focus is our browser, google play disabled, play account deleted, gmail disabled, EMail instead. Google maps? Yeah, sure, no way. If we need to use any of that it’s on, then off immediately.
I can’t root two of our phones or I would; the other two barely work. Too bad, kids, phones don’t like being submerged!
Google has how many extant consent decrees? They carry on the way they do because they’re allowed to for whatever political reasons, not because they’re not in constant serious legal trouble. They’re super rich, too. All their physical products cost nothing to make and really are just another way to collect info to sell advertising.
If these buffoons are going to try to steal my privacy, I’ll mess with their plans as much as possible. If you look hard enough, open source, etc alternatives that work well are available. You’ll just have to forgo the designed for 3 year olds interfaces.
Zuckerberg made his billions with Facebook and built a 6 foot stone wall around his Hawaiian vacation retreat. He takes his privacy seriously.
I wonder what steps Larry Page takes to protect his personal life. I bet Google keeps its secrets under lock and key.
Us? Our privacy doesn’t matter – at least not to them.
Rooted an HTC a while back and i deleted about
100 google tracking scripts, am now using an lgk7 and had to kill off at least 60
google scripts on that one.
Google does not scare me as much as the current US “president”.
Must be here illegally. Well… best not answer your doorbell. LoL
LOL! Second that!
heh ! …corporation of GOOD ….. ( NO ! )
Having said all that, Google Maps is still the best map solution around and one of the main reasons I still use a minimal amount of Google services.
Google Maps is the best overall. However, if you’re lucky then Open Street Map-based applications can be equally good. The problem with OSM is that some areas are not well-served by them at all, so your mileage will vary.
And what of Google Maps on satellite, via vehicle Sat Nav? Surely that type of in-built car device is storing details of each and every journey that modern type of car makes?
Best stick to my old VeeDub!!! That doesn’t even beep when you’re not wearing your seatbelt. Ahh…that’s the way they used to be made!
@Sophie
In-car data issues can be resolved by disconnecting the cell antenna they use to phone home. Typically, this is easy to do, and there are car model-specific instructions all over the internet.
“Do you have location history turned on or off on your device?”
Off.
Plus, I run my phone rooted and use a firewall that blocks all traffic, both incoming and outgoing, unless I specifically allow it. I do this to block telemetry that apps may engage in, as well as failsafe just in case someone (ahem… Google) is gathering data without my permission. I figure that data gathering is less problematic if it can’t be sent anywhere.
The truly creepy part is where they state that Google will not track your location. What’s not specified is that any government agency with suitable technology can and will silently track every your move via GPS, and those near you via Bluetooth.
You can’t “intercept” GPS to figure out where someone is.
Your phone only receives GPS signals and calculates the position itself.
This calculated position is then transferred to Google & co via location history.
I keep this enabled so I can use Google Assistant. I guess if I ever need to rebel against the government, I’ll disable location then. Otherwise, I’m ok.
Personally, I’m more worried about corporate surveillance than governmental surveillance.
According to Google’s support page, I have already “paused” all of that except my YouTube watch/search history, which suits me – when I go there (once every few days) I don’t want to be greeted with what’s popular in my country, but with something useful. I’ve disabled the Google app as I’m using DDG in my browsers anyway (even without me using it, it would sometimes gather up to 200 MB of data in its cache). Also, Blokada (from F-Droid) keeps blocking connections to google-analytics and googleadservices among other things, so, no, Google doesn’t know where and how fast I’m walking my dog. Which is always the same places anyway. And if I ever get really lost somewhere and need a map, I will ask them… Heck, if I’m hopelessly lost I’ll ask Microsoft, NSA, FSB, CIA, Ozna, Facebook, Mossad, whoever can help, I don’t care. :-)
Choose a device from this list: https://wiki.lineageos.org/devices/, which also supports Xposed framework.
Flash the phone with LineageOS ROM.
Load it up with open-source apps and apps which help with privacy such as AFWall+ and XPrivacy/XprivacyLua.
It’s possible.
I’m using XprivacyLua but it only affects apps and what info the apps collect. Your advice will do nothing to affect google location history.
A better advice, pertaining to this issue, would be to use microg builds of lineageos: https://lineage.microg.org/
My mistake, apparently it only supports ROMs which support signature spoofing. Thanks for the info.
My suggested way is to avoid Google services at the beginning. But yes when they are required microG is the way to go. microG components can be installed to most AOSP-based ROMs I suppose.
Long-time Android user and I have always had location history turned off. I want to say DUH! but I won’t. ;)
Ditto what Jason said. I wouldn’t be so cocky if I were you.
Were you aware that Google was collecting location info for several months even while location services (not location history – location services, ie the GPS itself) was turned off? I wouldn’t have too much faith in your ability to control Android’s privacy if I were you.
I heard about that and collecting a single cell-tower address isn’t quite the same thing as using your GPS. Sure, they can use multiple tower locations to triangulate your location but there is no evidence of that.
I’ve personally never seen anything listed in the Location History for 3 different Google accounts. Does Google know approximately where I’m at? Of course they do and they always have. Just like iOS has a very good idea where you are at even with location services off. Bluetooth scanning, WiFi scanning, IP addresses, MAC addresses and 100’s of different user apps can be used to locate and identify you.
Hell, if you’re worried about privacy then using a smartphone with an OS provided by Google or Apple isn’t a great choice. And, there are reasons why I’ve been dragging my feet updating my rooted Nexus 5x to Android 8. I have way too many modified system files. ;)
I turned off Location History a while ago after I discovered it. Creepy enough that it pointed all the locations I frequented, the path I took to get there, sorted by day/week/month. An actual map of the places I go and walk/drive through and the exact hour.
I disabled it, but I have no guarantee that Google isn’t collecting that data still. I keep Bluetooth, WLAN, GSM data and GPS disabled (I also disabled that feature which allows Google to use Bluetooth/WLAN even when they’re disabled for positioning), unless I need wither function, but I think the only solution would be to get rid of GApps entirely. Some day I’ll do it.
Can you imagine if someone gets access to that data? It’s not just “creepy” it’s actually scarry.
> Yuliya said: “I disabled it, but I have no guarantee that Google isn’t collecting that data still.â€
Insaneapple “ even when we press these buttons we have no true assurance that feature is really disabled “
Yes, Google was just caught at the end of last year still collecting the location data even when the user had “disabled†location services. News of it came out in November or December 2017. I’ve posted about that on ghacks at least once or twice.
The basic problem Yulia is that even when we press these buttons we have no true assurance that feature is really disabled – that’s pure virtual thing, you gotta trust developer that function is coded and does the real thing; physical buttons doing that would be doing this taks better – tho, there’s still possibility that even with physical interaction function wouldn’t go off. I have a Plantronics bluetooth headset and whenever I switch physical button into off position, I can still hear the voice announcement for few seconds
And there’s this quite recent case of Apple playing with iOS design; in Control Center even if you do actions that seems to be turning off bluetooth, wifi – these actually are being suspended and you gotta reach Settings to turn these really off.
Sorry but I cannot replicate that.
I have it off most of the time and only use it when i need it, and I see little or no extra data in my history.
But I have also denied and removed as much useless apps like the standard spyware weather app, facebook and such. removed if possible, forced stop them each time after reboot.
Having those applications on and allowing them to your location, also enables the location services. Some even ask the rights to change that setting, so if you’ve accepted without looking it’s more probably something like that.
Sorry, I’m not actually creeped out at all (except maybe by these researchers).
> “at least the situation you describe is an “opt-in†by the customers.â€
Every such situation I have read about in Europe and in the US has most assuredly NOT been opt-in. In the US Nordstrom was caught tracking people, and they were just one of many retailers caught doing so. Whole Foods was using cameras and facial recognition on everyone entering their stores from at least a few years ago, well before they were purchased by Amazon. Again, not in any way “opt-in.â€
The new Amazon shops are extraordinarily creepy and one can only hope they will not succeed and become a harbinger of increasingly invasive things to come.
> “As far as any store owners/personnel tracking customers–well, it’s their property. Just avoid the stores that do that if it bothers.â€
A naive sentiment at best. As an exclusively organic/bio mostly raw-food vegan, I WISH that I could avoid a big corporate chain store like Whole Foods, but whenever and wherever I am in the States they are often/usually the only or one of the only stores which has acceptable food. And even if there is another somewhat similar store sometimes, WF often has things which one cannot get anywhere else. Thus people cannot always “just avoid stores that do that†when those stores doing that are food stores and people must eat to live.
I always love to hear how some people think they have an absolute right to privacy when they’re out in public. Yeah, I’m the one who’s “naive”.
@Earl: Who thinks that?
Earl: “Yeah, I’m the one who’s naive.â€
I wouldn’t say that about you. From what you post here you’re more of the “I’ll bend over for anybody and everybody and they can do whatever they want†type.
That’s fine for you if that’s the way you like it, but it’s so predictable and tiresome when you always climb on your high horse and pontificate to everyone else here that they have no right to privacy, that they are so naive for it being important to them, etc.
Why don’t you post all your user names and passwords here for us? Since there is no privacy, and privacy doesn’t matter to you, and you’ve probably got nothing to hide, either, right?
No, I think it IS creepy…… now you can go into shops here in the UK, and they are using tracking devices to follow your movements around the shop, via your phone. I think this may need BT or Wifi.
For this reason, I have a lovely old fashioned dumb phone, and it makes phone calls as good as any smartphone. For everything else, I have a tablet with location turned off, and VPN on it.
I have a sleeve that prohibits RFID and pings to cell towers, nicely into Tin Foil Hat territory…..
In a way, this is a war against data collection, and it can only escalate, while we (I) take ever stronger preventative measures.
To you data-stalkers? No thanks, I’m watching you too.
The only phone I carry around with me is a plain old cell phone, and I don’t actually carry it–I leave it in the car (so, yeah, please track that if you can [Google or govt.]–might be useful if it’s stolen). My smartphone is my home phone.
As far as any store owners/personnel tracking customers–well, it’s their property. Just avoid the stores that do that if it bothers.
“Just avoid the stores that do that if it bothers.”
That’s all well and good — but the store has to tell you that they’re doing it (which none that I’ve seen actually do). Otherwise, how will you know?
Sophie, I’ve got a question and a comment.
You said you use a sleeve that “prohibits … pings to cell towers”. Does this mean you cannot receive calls or messages unless you take your phone out of the sleeve?
Regarding tracking in shops, I agree that it is massively creepy, but at least the situation you describe is an “opt-in” by the customers. Things will be much, much worse when shops start putting up face tracking cameras that do not need to interact with your phone. You will be opted-in whether you like it or not, without the possibility of opting out unless you avoid the shop (or even the street in front of the shop) altogether.
It’s not opt-in. If you go into a store with trackers and your phone on, every movement is tracked. Turning off wi fi and BT isn’t enough, your phone constantly pings for all three, it has to be shut off completely or put in a tight RF sleeve. Get a wallet with RF mesh, the new “secure” credit cards can be stolen by a nearby phone.
“Turning off wi fi and BT isn’t enough, your phone constantly pings for all three”
This is the first I hear of this. So you’re saying the store tracks you on the cellular network? I don’t see how that would work unless less they have some kind of agreement with your cellular company. A phone wouldn’t just ping random unknown networks.
I’m genuinely curious about this.
@Jason – yes indeed, you are correct. All signals are blocked. This is ok for me though, because I am only an occasional cell phone user, and for priority things, rather than casual chit chat. So clearly….my approach would not suit many. I often don’t use that sleeve….it just felt in some ways, like a nice simple thing to buy, “just in case”.
I’m not entire sure about the opt-in your refer to. There have been examples, including on UK Public Transport, where details given were either not really there, or purposely very tiny, in the data gathering declarations. So we do have to watch our backs!
Just look at the new Amazon shops. That’s not for me, I’m too old fashioned, while also loving tech….or perhaps I’m modern, but hate tracking!!
Thanks for the info about the cell phone. I figured as much, but I wasn’t 100% certain.
Sophi, I am with you in that approach, but please be aware that very few VPNs are honest about their data collection too, despite what they may say on their sites.
See here if you VPN gets a mention – good, bad or damned ugly?
https://thatoneprivacysite.net/
@RottenScoundrel – yes….of course you are right. We are only shifting our data and network activities from our ISP to a “surrogate”. But I believe that at some point, we have to trust a little, as there are really no other options…..apart from perhaps setting up our own VPN server in another country, and I have only the vaguest ideas of how to do that.
I spent a lot of time looking into VPNs, and feel I have chosen fairly well….but after that, what do we know? I do know that my VPN mixes around IP traffic, so that its all jumbled up, with nothing tracking back to an individual…..and by the use of two chained VPNs, via a Virtual Machine, I am fairly lost in deep space.
While I wish no history saved of me, I also know that I do nothing illegal….not even close, so my trust of my VPN provider becomes a little easier. Yet by the other token, I know that the UK government mandates that logging occurs with my large UK ISP…..in other words, logging there, is a given, whereas I trust my VPN not to log, as they say (though who truly knows!). I also use their DNS servers, which can only help.
Now I will have a look at your link. Thanks! Try also BESTVPN, as I find them a good source.
Good job, Sophie. You can never be 100% anonymous but your life doesn’t have to be an open book, either. Some things they want need to be denied, it’s as simple as that.
Very interesting and scary, thanks a lot for the information !