Why you should worry about Google collecting location data from your phone without permission
2017 has been a very important year for the ongoing debate surrounding data privacy and protection. After ransomware attacks like Petya and WannaCry, which breached the personal data of thousands of computers, tech giants, including Microsoft, Google and Facebook, called upon users to understand the pitfalls of the digital age and put in greater effort to help these companies improve the security of sensitive personal data that exists on the web.
Users were warned against remaining oblivious to the harm of the blind usage of apps and services that find shelter on our phones. The argument – and a sound one at that – was that users need to take greater responsibility and ensure that their devices – desktops, smartphones and other gadgets are updated to the latest security patches at all times, or they risk letting sensitive data fall into unwanted hands.
But it seems even that is not enough. As it turns out, it's not just hackers but also tech giants, which masquerade as watchdogs of our personal data in the digital space, that we need to be cautious of.
A case in point is the latest report by Quartz, which claims that "Google is tracking Android users even when they turn location services off".
“Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google.” https://t.co/HMNaT5CuI5
— Steve Herman (@W7VOA) November 21, 2017
Google spying on its users
The possibility of digital surveillance is an accepted peril of modern day life when carrying a GPS-enabled smartphone in your pocket has become more of a need than an indulgence. Since most mobile applications today use some sort of location-based services to "improve" user experience by providing individualised service, checks and balances have been put in place to ensure that users share only what they want to, when they want to.
However, if the Quartz report is to be believed, that may not be the case. The report claims that starting early 2017, Android phones have been sharing user location by approximating distance to nearby cellular towers and sending it back to Google.
What's troubling here is that it's sharing the location regardless of users' permission, their mobile service being activated or any apps being installed on the phone.
All you need is for your device to be connected to the internet via WiFi or cellular data and it would automatically forward your approximate location to the company's servers.
In theory, over the past year, Google has been keeping a tab on your current location even if you took required measures, such as switching all location services off and even went to the extreme step of stripping your Android device of all apps and even its sim card.
Digital surveillance at play?
Even though tech giants have remained under the scanner for the alleged unethical use of their platforms in the West, in India, the debate took centrestage only when, earlier in August, a nine-judge Constitution bench upheld privacy as a fundamental right.
Importantly, the ruling also expanded the debate beyond just Aadhaar and put the focus on the privacy policy of tech giants like Google and Facebook too, who have time and again been found guilty of breaching the data privacy of users.
With India being home to the second largest Android community in the world, the possibility of Google collecting user location data becomes all the more worrying for each and every one of us. But did Google actually indulge in digital surveillance, or is it a charge built on shaky ground? Well, if Google is to be believed, there's nothing to be alarmed about.
Responding to Quartz over the matter, the tech giant said: "In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery... However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”
The fault in Google's argument
What Google is essentially saying here is that it does accept collecting data without the end user's consent only to improve push notifications and messages on Android phones. It further claims that there is no foul play at hand as it never forwarded the data to its core servers, and instantly discarded it, thus ensuring that no harm was done.
Suffice to say that, at best, it's funny and, at its worst, sickening how the tech giant does not see the problem in its argument.
The company has said that, post-November, it will not be collecting data anymore, but the real problem is that it set up a system in place to collect location data without users' consent in the first place.
Even if Google is to be believed, improvements in "performance of message delivery system" cannot come at the cost of the company disregarding a user's consent and right over his privacy, which — as the Supreme Court underlined in the August judgment — is every individual's fundamental right.
The mere fact that Google decided to transmit location data disregarding clearly defined privacy settings to improve a "push notifications service" is a worrying development.
And that's not all. Even if Google's claim about not using the collected data is to be accepted, that the move severely threatens each and every Android phone owner's privacy cannot be ignored. It also cannot be ignored that the data collected by Google could easily have been accessed by a hacker who would have found a treasure trove.
Control is an illusion
Apart from being a glaring example of disregard of our consent, the incident also raises questions about our perceived control over our personal data on the web or even our phones. Theoretically, if Google can transmit our location settings to its servers without even seeking our consent, then it might as well be doing the same with our pictures, bank details or any kind of data that we store on our phones.
However, this is not just a one-off case. For example, earlier in the year, tech analytics firm CBInsights unearthed that Facebook was developing ways to track a user's mood by recording their expressions using their own phone or web cameras even when they were not actively using the social media platform.
However, unlike Facebook, which still appears less invasive to users, Google, it seems, has decided to jump the ethical minefield by abandoning the concept of consent.
It's decided to pull the curtain and reveal the truth that we are not really in control of our personal data and privacy. Supreme Court's judgment from August – though well-intentioned – it seems is just a smokescreen that hides the real truth: Control is nothing but an illusion.