Six Lines

Google Location Data Lawsuit

Posted by Aaron Massey on 10 May 2011.

Google is being sued about the storage, collection, and use of location data on Android phones:

Last week developers also revealed that Android devices keep a similar cache of cell tower and WiFi data, though Android limits the amount of data to 50 recently accessed cell towers and 200 recently accessed WiFi networks. Like iOS devices, a person would need to “root” (similar to “jailbreaking”) an Android device to get the data, but in contrast to iPhones this data isn’t synced to a computer.

More disconcerting, however, is the fact that Android devices collect “its location every few seconds and transmitted the data to Google at least several times an hour,” according to research by security expert Samy Kamkar. Google said it uses this data for a variety of uses, but unlike Apple, Android attaches a unique ID number to the data. While that ID number is effectively random and can’t be directly linked to a particular device or user, it is possible to analyze such data and correlate it to particular individuals using increasingly advanced “deanonymization” techniques.

Detroit area residents Julie Brown and Kayla Molaski filed a class action lawsuit against Google over concerns that the location data that Android devices send to Google “several times per hour” is tied to a unique (though random) device ID. The lawsuit further alleges that this data is sent to Google unencrypted. “The accessibility of the unencrypted information collected by Google places users at serious risk of privacy invasions, including stalking,” according to the complaint.

It was really only a matter of time after Apple’s recent location data revelations.