The seven main privacy problems we have on our Android device
The seven main privacy problems we have on our Android device (09:14)
[wcm_restrict plans=”admin”]
Now that we have a better understanding of what our digital environment looks like, it’s time we start looking at our Android devices. What are the main privacy-problems we have on our Android device? Can we prevent our data from leaking into the big world of databrokers and big brother governments? In this lesson we’ll discuss the 7 main problems we have on our Android device. In the next lesson, we’ll dive into the those same problems, and what we can do about them in a new technical setup on our Android phones. Let’s head on to the first problem:
- Network scanning
Your device is scanning for networks 24 hours per day, 7 days a week. Google scans for Wifi routers for: the mac adresses of those routers, the signal strength of those routers and the GPS position. This is permission less: you have nothing so say about this as an Android user. This is done constantly. Google uses this to build an enormous database to track every human being with a smartphone. This tracking is the basis of Wifi triangulation, which is a location tracking method that is way more accurate then GPS and highly privacy invading. One of the reasons it’s privacy invading, is that it’s tracking you indoors. The other reason is that, while scanning for Wifi routers, it determines your own location on a really precise way. So because of Network Scanning, Google knows exactly where you are.
2. Wifi triangulation
Wifi triangulation is basically the same as network scanning, but there is one big difference. Wifi triangulation is the actual location as shared with third parties (non Google applications) like apps and websites. So this is not for Google, because it already knows where you are based on Network Scanning. This is a permission-based system, which means it can be controlled through software. So whenever a third party application sends a location request to Google, this can be denied. Third party applications are selling location data to other third parties, so doing something about this is really important.
3. Google Telemetry
Google Telemetry is the most invasive form of tracking. Like we discussed in ‘Connecting databases, the big danger’ you have to sign up onto you Android device with your Google account e-mailadres. Whenever you do so, all your app purchases and app activities are connected to your account. This is how it works: all Google apps have to be written in a language called java. These apps have to be submitted for approval in the Playstore and are only partially controlled by the programmer. A lot of code is added to the app as required by Google. So then the app itself runs in a captive container that has been setup by Google. This basically means that a lot of functionalities of the app have Google involvement. This can include the database, notifications, payments, in app purchases and can even track if what de phone is doing, if it’s on and matches it to other data on the phone. Because the Google Telemetry, Google basically knows everything regarding activity.
4. Trackers
A tracker is a script within a website or an app which, like the word suggests, tracks your behavior. Those trackers are also being used by the Google Telemetry we just discussed. Who are you, where do you digitally move to or from and how do you behave or interact with the app. Those are all measurements that can be done by trackers. Some apps use their own tracker script that is purposely added into the apps code, those are first party trackers. But most tracker scripts are scripts from the Big Tech companies that are required, as is the case with Google Telemetry, or free-willingly used by the app, those are third party trackers. Different types of trackers are cookies, super cookies, embedded scripts and fingerprints. Trackers are not always a bad thing. First party cookies can help you remember logins for example. But third party cookies are mostly used to track people. Super cookies are a bit more extreme. They can be permanently stored on your computer. They can’t be deleted automatically as you can do with normal cookies. With super cookies you can access personal information, behavior and preferences. Embedded scripts can be visible or invisible elements on a page that are able to do a variety of things, from recording your IP adress to capturing your devices specifications. And last but not least: Fingerprinters. This is one of the most privacy invasive forms of tracking on the internet. It allows to combine browsing data from someone, without needing someones IP. It does this by combining unique identifiers of a device like IP adress, device model, screen type, battery level, graphics card, browser version, OS version etc. With this form of tracking, a specific computer can be picked out of millions. And it should come as no surprise that Facebook is using this technology to basically spy upon everyone. Even if you don’t have, or make use of Facebook. Pretty creepy right?
5. IP adress
As we discussed already, next to fingerprinting and your e-mailadress, your IP adress might be one of the biggest problems when it comes to being tracked online. This not only goes for you Android device, but for everything that connects to the internet. Every device and every networking router has an IP address. When you know someones IP address, you can basically track them to their front door. This is especially true for your networks IP address. If you don’t act on this in any way shape or form, tracking your internet traffic to your front door becomes really really easy.
6. Proximity tracking
As we’ve seen in the Corona pandemic, bluetooth contact tracing has become a hot topic. Bluetooth contact tracing might be the most invasive form of proximity tracking. Google and Apple already rolled this out in Android and iOS, without user consent. Normally with bluetooth, you will have to enable the ‘being searchable’ mode. This basically let’s the bluetooth scream “I AM HERE” into the electromagnetic spectrum. Take for example your car: when you want to connect your phone for the first time, you should enable the ‘being searchable’ mode on both devices. Otherwise they can’t connect. By enabling this they can both see their MAC adress identity and can therefore connect to each other. Because however, the desire of Big Tech and governments to track people more and more in 2020, bluetooth doesn’t require this active action from the user anymore. When bluetooth is turned on, your device unique identifier is leaking to other nearby devices all the time. This can be used to profile who you meet en where you go.
The emission of WiFi probs is another form of proximity tracking. As is the case with bluetooth contact tracing, WiFi emissions also emit what is called a WiFi probe. There is no need for you to sign into a WiFi network, to still be leaking your MAC adress. The biggest privacy concern in this is the reach, these can head up to 60 feet, 18 meters.
And last but not least: UXDT tracking, ultrasonic cross-device tracking. Imagine this: you’re watching a car commercial on TV. You’re phone picks up a sound that’s on a frequency that’s suited for human ears. But because of this sound, your phone knows that you’ve seen the commercial and can now start showing you other ads from the same car brand. We won’t go to much in dept with this, but this is a real basic explanation of what UXDT tracking is. Ever since this form of tracking was exposed, the Federal Trade Commission has been putting out warnings against companies using this. Ever since, this is not such a big deal anymore. But still we will take action against it.
7. Firmware spying
There are parts of your phone constantly leaking and acquiring data. Your Wifi adapter is sending out your mac adress for example, you can’t stop this. Facebook uses this to check who we are connected to and which places we like to visit. These backdoors are often used by intelligence agencies to listen in to conversations, capture text messages and even turn on phones to eaves-drop. Firmware on Android devices are black boxes that are running on every phone.
Now that you have a better understanding of the main privacy problems on your Android device, it’s time we start looking into which of these problems can be solved. And what are we going to do about them? See you there!
[/wcm_restrict]
1 Reactie