Google Android Joins Apple iOS in Location Data Lawsuit

You will all have heard how Apple is facing a class action due to iPhone software storing geolocation information – well, iOS is not the only one to be dragged over the coals. Google Android is also being sued for similar data collection.

News broke just over a week ago that iOS devices cache large amounts of location data in a file that is backed up to users’ computers.

This file is hidden away and sits there unencrypted – so anyone with access, or who can gain access, to that machine could also swipe the past movements of the iPhone or iPad’s user.

Apple announced that the data was a cache of nearby cell tower and WiFi access locations downloaded from Apple, which iOS devices can use to more quickly narrow down a users location when GPS signals are weak or dead. They admitted that the cache grabs more data than necessary and that an upcoming iOS update would restrict the size, encrypt it on the device, and keep the data from being backed up to users’ computers when syncing with iTunes.

While everyone was vilifying Apple it turns out that Android devices also store cell tower and WiFi data – Android, however, does limit the amount of data to 50 recently accessed cell towers and 200 recently accessed WiFi networks. Just as with the iOS devices someone would have to ‘root‘ the Android device to get at the data – the main difference between the Android cache and the iOS one is that the Google-flavoured snooping isn’t synced to a computer.

The thing is that Android devices collect “its location every few seconds and transmits the data to Google at least several times an hour,” as reported by security expert Samy Kamkar.

Google has admitted that Android attaches a unique ID number to the data – even though this ID number is random and, apparently, can’t be directly linked to a particular device or user, it was proven over 10 years ago that anonymous information can be ‘deanonymised’ and, in tests, 87% of all American citizens can be uniquely identified purely by using three common bits of information which are easily obtained. This system has obviously moved on and continues to ask just how secure our personal data is.

Detroit area residents Julie Brown and Kayla Molaski filed a class action lawsuit against Google over concerns that the location data that Android devices send to Google “several times per hour” is tied to a unique (though random) device ID. The lawsuit further alleges that this data is sent to Google unencrypted. “The accessibility of the unencrypted information collected by Google places users at serious risk of privacy invasions, including stalking,” according to the complaint.

Even though Google says that the collection of the location data is entirely opt-in. “We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices,” the class action lawsuit claims that Google knows that “ordinary consumers acting reasonably would not understand the Google privacy policy to include the extensive location tracking at issue in this case.”

The lawsuits asks the court to make Google stop tracking Android users or to clearly inform users of “its true intentions about tracking,” including whether that information is released to third partis are used for marketing.

It also seeks monetary damages “in excess of $50,000,000.00” plus damages.

Both Apple and Google plan to attend a hearing before the Senate Judiciary Subcommittee on Privacy, Technology, and the Law on May 10 to discuss the very issues called into question in the lawsuit.

How concerned are you about this?