If you’re an Android user, the smartphone in your pocket might be blasting out a list of your favorite hangouts, according to a new report by the Electronic Frontier Foundation (EFF). The group discovered that Android devices released within the last three years or so have a nasty habit of broadcasting the names of previous Wi-Fi networks you’ve used, potentially revealing locations you visit and damaging your privacy in the process.
Android phones running the Honeycomb (3.1) version or later include a feature called Preferred Network Offload, which appears to be the culprit. When a smartphone with this vulnerability is in low-power mode with its screen off, it will frequently browse for a Wi-Fi network to connect to and sends out a list of preferred networks in an attempt to save time.
Depending on the names of the Wi-Fi networks you’ve connected to, this information could reveal locations you often visit—like “Tim’s home Wi-Fi” or “Caribou coffee Internet.” That data can be used to learn a user’s daily routine, determine when they’re away from home, or a variety of other worrisome details.
The good news is that this feature can be disabled in many devices by going into the “Advanced Wi-Fi” settings and disabling the “Keep Wi-Fi on during sleep” option. Unfortunately, the fix doesn’t work on all vulnerable devices, as the EFF notes that turning off the Wi-Fi sleep option on a Droid 4 didn’t keep it from broadcasting the sensitive information.
Upon contacting Google, the EFF was told that the company is looking into the issue and will decide “what changes are appropriate for a future release.”
Photo via Johan Larsson/Flickr (CC BY 2.0)