Google Downplays Report On Android Location Data Collection

Company says data was collected as part of a heartbeat function to maintain connectivity but never actually used.

Google.sign

Google this week downplayed a report that it has quietly been collecting location data from Android devices even when users have disabled location services or haven't even inserted a SIM card into their phones.

In a report Nov. 21, the Quartz online site contended that since at least the beginning of this year, newer Android phones have been collecting addresses of a user's nearby cellular tower and relaying that data back to Google.

Such data, while not as granular as GPS data, could still help entities--including Google--triangulate a user's location with considerable accuracy and far beyond any consumer's reasonable expectations of privacy, Quartz said.

Quartz said its investigation showed that the location-sharing practice wasn't confined to any particular type of Android smartphone or tablet. Instead, the cell-tower address data was being collected from all new Android devices as the result of a change to Google's Firebase cloud messaging service in early 2017.

Google Claims It Was Not Using Data to Target Ads

Google did not dispute Quartz' claims about collecting the described data from new Android phones. But the search king claimed the data was not being used to deliver targeted ads to Android users as the report seemed to suggest.

"To ensure messages and notifications are received quickly, modern Android phones use a network sync system that requires the use of Mobile Country Codes (MCC) and Mobile Network Codes (MNC)," the company said in a statement.

For instance, a service provider might collect an Android device's country and network code to manage connectivity and to ensure that messages and notifications are properly relayed to it. The data helps locate where a device is located geographically and helps maintain a persistent connection to Google's servers.

As part of this so-called "heartbeat" process, Android devices need to ping Google's servers at periodic intervals. The period between pings can vary by network and can have an affect on battery life and connectivity.

Google traditionally has depended on mobile country codes and mobile network code to maintain heartbeat connectivity. But starting earlier this year, cell tower ID information began getting collected from Android devices as well as the result of a change to Google's Firebase messaging platform.

Data Unrelated to Location Services in an Android Phone

But, according to the company, the information was never actually used to determine an Android device's location and is completely unrelated to the location services in Android that user's can enable or disable. That particular feature helps provide a device's specific geographic location to applications on a device.

According to Google, the company never incorporated cell tower ID into its network sync system, so the data was immediately discarded. Google has also updated its systems to ensure that cell ID information is no longer sent to its servers as part of the heartbeat feature.

"MCC and MNC provide necessary network information for message and notification delivery and are distinctly separate from Location Services, which provide a device’s location to apps," Google said.

This is not the first time that Google has been caught collecting user data in an unexpected manner. Last month, for example, Google acknowledged an issue with some of its web-connected home speaker systems that caused them to record what a user might be saying all the time, without the user have to utter the trigger or wake up words.

More controversially, about five years ago, the company took a lot of heat after its Street View vehicles were caught collecting WiFi data from unprotected home networks. Then as now, Google claimed the data collection had resulted from an inadvertent slip-up.

Jaikumar Vijayan

Jaikumar Vijayan

Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.