A new study reveals that thousands of Android apps covertly collect location data using Bluetooth and WiFi beacons, allowing continuous tracking and profiling of users without explicit consent.
AFAIK you have to give the app location access for it to be able to scan sourrounding networks and see the SSIDs (At least that’s how it works on the newer Android versions circa around Android 10 or 9). For bluetooth you have to enable at least the nearby devices permission. If you do that then it makes sense that the app can track your location.
And Android specifically requests this permission as location sharing so that it is clear that if you give the app permission to scan Bluetooth and WiFi networks it will know your location.
F-droid or bust
That’s not quite legal, but I don’t think anyone is surprised
Did… did people not know this?
I mean, I guess this is a study of how widespread it is, but this shouldn’t be news to anyone.
Apps have been doing this for about a decade, either more precisely determining your location when GPS location is on, by checking it against known stationary wifi and bluetooth things that come into range, or even just guessing your location with GPS off via the same thing.
Most people just blindly give every app every permission it asks for, just like most people don’t read ToS.
You can either deny unnecessary permissions for each app, or just have wifi/location/bluetooth off if you’re not actually using them, and/or keep reseting your ‘advertising id’… or just run in airplane mode as a kind of ‘do not disturb’ mode.
Of course… if apps are actually circumventing those above methods of mitigation, permissions management etc, … well then they are malware.
Apparently 19% of the apps use methods that are so explicit that they probably violate the Google Play Store’s TOS, but 86% of them use methods that are basically allowed.
All malware imo, hooray for closed source proprietary software (the sdks built into the apps are closed source), you can totally trust them lol.
and thats why i finally gave up two years ago and bought a pixel and installed grapheneOS. also i just dont use shitty apps anymore. its a good life
This is the way
They’ve been doing this for like, 10 years…
The Precise Location Permission description, specifically states that’s what they’re doing.
That’s the main reason why both mobile platforms always trying to keep WiFi and BT on…
Good thing the normir got nothing to hide so it is not harming anyone
If I don’t give them permissions to use Bluetooth and cut off their access to WiFi (VPN based firewall), is this threat prevented or am I a fool?
The article states they cicumvemt androids privacy controls, but doesn’t say how. As far as I’m aware, WiFi access point scanning is behind the location permission and service for precisely this reason. So if you just deny that permission, you should be fine.
I wasn’t able to use my WiFi ssid in home assistant automations without having location services enabled, for example.
I wasn’t able to use my WiFi ssid in home assistant automations without having location services enabled, for example.
I was recently(6 months ago) gifted a very nice pair of Bang & Olufsen BT headphones. They come with a 3.5mm hardline as well…but since my phone, and basically everyone else’s, no longer has a port for that…🤷
BT connection works amazing with both my laptops and my desktop. Zero issues. To use them with my android phone the B&O connection app has to be open, WiFi on, precise location approved. Because of my settings for precise location data not being available for apps in the background, the B&O app has to be focused. If WiFi is off, and precise location is denied the app refuses to connect to the headphones, despite my actual phone seeing and connecting to it with no issues. I’d just not use the app…but without the app there’s (absolutely intentional) audio drops. I know it’s on purpose because it happens in a pattern. 90 seconds of perfect audio, followed by four 2 seconds cuts 5 seconds apart, then another 90 seconds of perfect audio. So I just don’t use them with my phone. 🖕Damn, that’s awful. Can’t you just set the settings once, then delete the app and pair it like a normal Bluetooth device? Would imagine that should work, if it works with your laptop as well.
Nope. It only happens when connected to a mobile device. Tested it on all 3 of my android phones (current daily driver, back up phone, and an S4 that I use as a media player in my car,) my wife’s iPhone X, my Samsung tablet, and my work iPad. The S4 doesn’t have that behaviour, but isn’t really a viable option. The battery is basically only good enough to keep it powered for an hour or two, and doesn’t jive with my cell provider’s SIM it’s also running a Google free ROM… Both my more modern phones, my wife’s, and the tablets have the exact same behaviour. When I got them I had no intention of even installing the app. Wasn’t until I was trying to troubleshoot the audio drop out that I installed it. And through experimenting with permissions and services turned on and off decided to just not use them with my phone.
The settings provided by the B&O app aren’t in userland for android, and as far as I’ve been able to find, can’t be pulled up and implemented without the app.
In theory that shouldn’t be possible unless the app runs as root. Although I’m sure somebody out there has a zero day for it. Yeah I don’t know, I don’t give any application permission to use location services, and the ones like maps I set it to “Ask me every time”. I hope that’s good enough for now
