Do you remember the popular 1983 song by Rockwell, “Somebody’s Watching Me?” The song features Michael Jackson singing chorus vocals and was number two on the Billboard chart. Had Google’s Android been around then, the “paranoid-themed” song would have been vindicated.
Fast-forward 40-plus years and Android devices are in fact tracking you, your employees, and your clients!
Researchers at Malwarebytes have found that multiple identifiers are used to track the users of an Android handset, even before they have opened a Google app or signed in to their Google account. Pre-installed apps like Google Play Services and Google Play Store send cookies, identifiers, and other data to Google servers
Without user consent, researchers flagged at least five types of identifiers:
- Advertising analytics cookies
- Tracking cookies
- The Google Android ID
- Analytics cookies used for A/B testing
- Multiple other cookies and identifiers which can uniquely identify the handset
There is no option to opt-out of, although Google uses some of these identifiers for advertising.
Of course, this does not ever take into consideration any other apps you may have downloaded to your Android (or iOS) phone that track you. Social media apps, travel apps, banking apps, etc. Do you get the picture?
Other than violating the user’s privacy there are serious potential risks to the user that result from the ability to track them wherever they are. Here are a few examples:
- Employees targeted while traveling for espionage, kidnap, etc.
- Employees targeted while not traveling, particularly for espionage (theft of sensitive information or intellectual property)
- Executive Protection Teams who must protect the movements of their team and in particular their clients
- Investigators, public or private, whose location must remain confidential
And the list of risks goes on. So, what can be done other than carrying a burner phone which may not be practical?
- If you deem this an elevated risk, consider an Android alternative that does not track the user, or for that matter does not emit any signals for a third party to track.
- Train your clients and everyone in your organization on mobile device tradecraft. Make sure they understand the basics required to protect their privacy as well as stay secure.
Want to learn more? Global Integrity Inc. offers secure enterprise communications solutions to protect the privacy of your organization and your clients. Visit us to learn more or contact us to schedule a consultation on how we can ensure the security or your organizations communications.
