Google has a problem with location data protection

Despite Google’s commitment to protecting this information for women wishing to have an abortion, an investigation reveals that the firm’s tools and applications allow people to track the location of other users.

At the beginning of July, Google announced that it would soon automatically delete location data when users visit an abortion clinic or other sensitive establishments such as shelters for victims of domestic violence. The decision followed the cancellation of the right to abortion by the Supreme Court. The American giant did not give a specific timetable for this change, indicating only that it would take effect in the coming weeks, and an investigation carried out by the Tech Transparency Project (TTP) reveals how the company’s technology could expose the location of a user.

Tools allowing monitoring without the knowledge of the user

Specifically, this non-profit organization performed two experiments showing that despite Google’s ban on stalkerware applications used to spy on individuals, the company offers the same surveillance capabilities with its own tools. For the first, the TTP created separate Google accounts on two new Android smartphones, one of which was designated as “victim” and the other as “perpetrator”. The organization enabled location history on the second phone, but not on the first. It then logged into the perpetrator’s Google Play account on the victim’s phone and downloaded some apps. The device was subsequently taken to various locations over the following weeks to determine whether the perpetrator was able to see its whereabouts and track its movements.

The TTP then discovered that the perpetrator was able to see the location of the victim’s phone during and after various trips, including one to a Washington clinic offering abortion services. The route and position were visible in the perpetrator’s own location history, and the route was also visible via Google Maps on his phone. Additionally, the Timeline feature in the app displayed the route and accurately identified the victim’s whereabouts shortly after the victim visited the clinic. It even noted the time the victim spent in the clinic. Finally, more than two weeks later, the location of the clinic was still present in the location history displayed on the perpetrator’s phone.

For the organization, this means that either Google has not yet implemented the announced change or its system for detecting and removing sensitive positions is faulty. “What is clear, however, is that users’ safety and security are at risk from Google tools that allow others to track their location without their consent,” says the TTP.

Misled users

The second TTP experiment was based on a Reddit post from an individual who discovered he could track the location of his then-girlfriend after logging into her Gmail account on his phone. The organization used the same two Android smartphones and Google accounts and then logged into the perpetrator’s Gmail account on the victim’s device. It discovered that the perpetrator was able to see the victim device’s positions and routes on his own phone. The TTP thus indicates that although a victim may notice that someone is logged into their Gmail account on their phone, they may not be aware of the consequences. Indeed, having deactivated location history on their own account can lead the victim to believe that their movements are not stored anywhere else by Google, when this is not the case.

“Google said it wants to protect women by removing abortion clinics from their location histories. Our study shows that they did not. Even if they end up delivering on that promise, attackers can still use Google tools to track their victims anywhere else in the world,” Katie Paul, director of the TTP, told the Guardian. For its part, the Mountain View firm believes that the organization’s experiments are unlikely scenarios, since they would require an unwanted user to access a device and violate its security without the owner noticing that another account is connected. “We encourage everyone to regularly check the accounts associated with their device and to only share their device password with trusted devices,” a spokesperson for the company told the British daily. He also indicated that the change announced at the beginning of July is now in effect and applies to all abortion clinic visits in the future.
