Who's The Smart One Now?
The Market Ticker ® - Commentary on The Capital Markets
Posted 2011-04-22 10:17
by Karl Denninger
in Technology
 

Following up on my "So You Want a SpyPhone Eh?" piece from the 20th we get this interesting little ditty in the Wall Street Journal this morning:

"In the case of Google, according to new research by security analyst Samy Kamkar, an HTC Android phone collected its location every few seconds and transmitted the data to Google at least several times an hour. It also transmitted the name, location and signal strength of any nearby Wi-Fi networks, as well as a unique phone identifier."

Much depends on what you have turned on - or not.

This is one of the places that Android is different.  Here are the screens in question on my Android-powered phone:

Note the "location" tab.  Here's what's inside:

And if you turn off and then back on (or on originally) the top selection, this is what displays:

Uh, see that quote up above?

Now I've gone through Android with a pretty fine-tooth comb and I've not found what this person claims is being sent - that is, the IMEI (unique to each handset) or something similar.  That's not to say I couldn't have missed it - I might have.  But with Android, at least allegedly (and as near as I can determine from monitoring when it powers up the data connection and sends up data unsolicited) if I have location data turned off it does not appear to be sending anything.

That is, I can quiesce data connectivity by killing any applications that run background data.  Android phones contain a little icon that tells you when transmission is taking place over the wireless network.  If I have those applications all turned off (e.g. email) and also have locations disabled, I've yet to observe the phone transmitting data on an unsolicited basis.  My examination of the code appears to confirm this expectation and observation.

I also have, on my phone, a local navigation application (ALK's CoPilot) that runs from data on the SD card.  It uses the GPS in the phone but is not reliant on a data network connection.  When that is running the top bar that shows data activity remains visible, and once again, while actually driving with it enabled but locations turned off, I have yet to see the phone attempt to upload data unsolicited.

There are a few other things I've turned off and changed, however.  One of them is Android's "open Wifi finder."  I disable it mostly for power reasons; having the Wifi chipset scanning all the time for open networks consumes quite a bit of power.  As a result I turn the "network notification" checkbox off, and when away from anywhere that is expected to have a Wifi connection available I use a home-screen widget to disable Wifi entirely.

The iPhone claim was of an entirely-different color.  Dropping a "breadcrumb" log file in the phone's data directory that is effectively appended to all the time has no rational purpose for providing location data to an application right now - that is, "where are you"?  Rather, it's only used for showing where you've been. Some applications (e.g. a navigator) obviously need to know where the phone is.  Knowing where it was is very, very different, and attaching a user-specific identification to that data (which is always the case when the data is stored on the phone itself) just adds more insult to injury.

There is another point that people have brought up in the last couple of days as well - and that is the fact that your carrier knows where the phone is whenever it is turned on.  This is true within a rather-large area of uncertainty - since the phone is connected to a tower, and it also has the adjacent-cell visibility data that is transmitted on the control channel back to the tower, a reasonable guess (within a moderately-large area) as to where the device is can be ascertained.  This information is necessary for the phone network to operate - the tower has to know which adjacent towers your phone can "see" in order to perform a hand-off from one tower to the next as you move.

But that data, at the level of the carrier, has always required a subpoena to obtain.  If the cops are looking for you, and they know your cellular number and that you've probably got the phone with you and it's on, they can get a warrant or subpoena and take it to the phone company.  They'll get the data, and on request the cell company can perform what amounts to triangulation using the propagation delay between different cells.  This won't provide a perfect location by any means, and the data available without specific triangulation is "rather" prone to error.  For example, this is where Google Maps says I am right now, not using the GPS:

I assure you that I am not swimming while I write this.

Never mind that 3200 meters is quite a distance, and what's better I'm not inside the error circle either.  That is, Google got it "just a bit" wrong.

The upshot, however, is this: If either Apple or Google is collecting data linked to your specific device and thus person (e.g. your Google or iTunes account) then it appears, from the disclaimer and disclosure being provided, that they are violating the law, as you never consented to any such thing.

If Representative Markey is looking into the matter then I have this recommendation for him, since it appears we have conflicting data points: Someone needs to get the executives involved up in front of Congress for some sworn testimony, along with people who examine both the code (when possible, as is the case with Android) and a dump of the data stream being emitted under various conditions.

Let's get to the bottom of this, and if there have been violations of the law, either here in the US or in other nations, heads must roll.

Comments
Onelegged
Posts: 267
Incept: 2009-11-13

NW Colorado
I made a 911 call for a lightning-struck power line that was down on my property in 2009. The 911 operator confirmed my position over the phone. She was off by exactly one mile.

I find it hard to believe that the police would bother getting a subpoena to get this information because it is so easy and anonymous for them to access.

----------
The light at the end of this tunnel is a train.
Tz
Posts: 785
Incept: 2007-09-18
Green
varies
Banned
Police can - often without subpoena - just ask Sprint or the other carriers and they will tell them (via website) where your phone is.

http://tpmmuckraker.talkingpointsmemo.co....

----------
"I am become debt, destroyer of worlds"
Themortgagedude
Posts: 8853
Incept: 2007-12-17
Green
saint louis
Free iPhones for everyone. Woohoo. I can see the settlement now.

----------
I'm already visualizing you with duct tape over your mouth.
Drench
Posts: 28631
Incept: 2009-11-10
Green
Which iOS versions do this?
Clear2tack
Posts: 28
Incept: 2009-05-17

San Carlos, CA
Cell phone towers are sited to divide the area and create "cells". To do location from the tower, multiple towers must receive signals from the mobile phone simultaneously. The division into cells makes money for the service provider, location, not so much.

The pathological case for position location is a common siting for towers, along a major highway. The differential time of arrival calculation comes up with two solutions, one on each side of the highway.

GPS is also a differential time of arrival system, each satellite continuously broadcasts time, the receiver needs 4 of these signals to figure out time and 3D location.
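
The mirror-image ambiguity described in the comment above, worked through as an added example (not part of the original thread). The tower coordinates, phone position and off-road fourth tower are constructed values, and a plain grid search stands in for a real TDOA solver; the example also goes one step further and shows that a single tower off the highway line removes the second solution.

```python
import math

C = 299_792_458.0  # signal propagation speed, m/s


def tdoa(towers, pos):
    """Arrival-time differences (s) at each tower relative to towers[0]."""
    d = [math.dist(t, pos) for t in towers]
    return [(di - d[0]) / C for di in d[1:]]


def rms_error_m(towers, measured, pos):
    """RMS mismatch, in metres of path length, between measured and predicted TDOAs."""
    pred = tdoa(towers, pos)
    return math.sqrt(
        sum(((m - p) * C) ** 2 for m, p in zip(measured, pred)) / len(pred)
    )


def candidate_fixes(towers, measured, span=4000, step=50, tol_m=1.0):
    """Grid-search every position (metres) consistent with the measurements."""
    pts = range(-span, span + 1, step)
    return sorted(
        (x, y) for x in pts for y in pts
        if rms_error_m(towers, measured, (x, y)) < tol_m
    )


# Constructed scenario: three towers along an east-west highway (the x axis).
HIGHWAY = [(0, 0), (-3000, 0), (3000, 0)]
PHONE = (800, 1200)      # true position, 1.2 km north of the road
OFF_ROAD = (500, 4000)   # hypothetical fourth tower away from the highway


def demo():
    # Collinear towers: the geometry is symmetric about the road, so the
    # measurements cannot tell north from south.
    collinear = candidate_fixes(HIGHWAY, tdoa(HIGHWAY, PHONE))
    # One tower off the line breaks the symmetry.
    four = HIGHWAY + [OFF_ROAD]
    resolved = candidate_fixes(four, tdoa(four, PHONE))
    return collinear, resolved


if __name__ == "__main__":
    collinear, resolved = demo()
    print("towers along the highway:", collinear)
    print("plus one off-road tower: ", resolved)
```
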
Rdgdawg
Posts: 165
Incept: 2010-04-30

WI... but no brats or cheese...
My Blackberry Pearl's GPS does the same... have to turn it off, then says "only 911 can access location. Even if location is turned on, no service may use your location without your express permission"

Really... I believe it?????

----------
I work hard because millions on welfare depend on me!
Genesis
Posts: 130796
Incept: 2007-06-26
Admin A True American Patriot!
"fine-based location" (e.g. GPS), on an Android device, sticks a beaconing icon up on the status bar when it's on. There are applications (e.g. Gasbuddy) that will temporarily turn it on long enough to get a fix, then they shut it back off.

Beyond the privacy issue there's a good reason not to leave the GPS receiver enabled - it's a monstrous power pig!

----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?
Chadseld
Posts: 7
Incept: 2010-10-20

I have taken a close look at the location data from my iPhone and have these observations:

- The location fix is non-GPS based. As in your example, the recorded location is often miles off. It's good enough to identify which city I am in, and if there are enough towers, which side of the city.

- My data seems only to have been recorded during trips when I had the maps application open and was actively using the GPS for navigation. This is odd because the recorded location is not the accurate GPS location. I have not heard this mentioned elsewhere, so it might just be specific to my data. For example, the database contains data going back to June of 2010, but only sporadic records. My road trip to Grand Junction Colorado was recorded, but then the data is blank for several weeks.

- This is the first I have heard of the data being transmitted back to Apple (wirelessly or otherwise). I would be interested in seeing that confirmed. If it is true, then this just got a whole lot more outrageous and criminal.

Reason: edited typos
A-cat
Posts: 111
Incept: 2010-06-10
Green
What about the hidden GPS feature on Amazon's Kindle - -

Is tracking active in the background when in use as an e-reader or does the user have to first modify the firmware?
Harrisonact
Posts: 1755
Incept: 2010-10-04

canada
Asking gubbermint to do anything about this is proper but futile.

The carriers will just make the TOS 10 miles long, nobody will read it and when you're caught at the house of ill repute by your wife and try to sue the carrier, you're hosed.

More of the same old crap.

----------
bilge
My playbook speaks español. Deal with it. I'm too lazy to fix it.
Marvinmartian
Posts: 754
Incept: 2011-03-16
Green
Pasadena, CA
I'm a Verizon Android user. I worry about accessing my brokerage sites through it because I worry that a keylogger may have been injected into the phone. When I do this (like on vacation) I have always changed passwords after returning home.

For those that are interested, here is a partial solution to email privacy on mobile phones: http://www.hushmail.com/support/mobile/

It's only a partial solution, because the PGP encryption engine is on the web server, and thus could be compromised under court order. I have yet to see a PGP app that does the encryption right on the phone, although several seem to be under development.

I also find it interesting that Hushmail now makes it more difficult to put the encryption engine on my local Java virtual machine. This is now an "advanced" option that must be turned on to be effective. As Hushmail has complete control over the Java encryption program, this too could be compromised under court order.

Ordinary email today has all the privacy of a postcard. Zimmermann's original PGP or its successor programs (I use GnuPG) are still the most effective way to achieve email privacy as well as authenticating the message.

Any other thoughts out there?

Genesis
Posts: 130796
Incept: 2007-06-26
Admin A True American Patriot!
K9mail and Apg. Works.

On the phone, key store is on the phone with the usual PGP key password protection.

----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?
Lowbeyond
Posts: 16937
Incept: 2008-02-11
Green A True American Patriot!
CO aka West NJ/East CA
ALK's CoPilot? How is that, better than the built-in Google nav?

I shut off gps since my battery goes poof really fast with it on but you need it for the nav app.

But hell 5 bucks...

----------
Maybe it was a birdy bread-bomber from the future?!
Gweedo
Posts: 100
Incept: 2010-11-12
Green
Florida
K9 Mail does indeed rock. The IMAP push works pretty much flawlessly on it.

Is that the Thunderbolt, Gen? Big screen :)
Edmcguirk
Posts: 49
Incept: 2009-09-10

New Jersey
You also want to add in the worry about police dumping cellphone memory without a warrant on routine traffic stops?

How far back do these cookie crumb files go?

http://www.networkworld.com/community/bl....
Beignet
Posts: 1865
Incept: 2008-05-16
Green
O-Town
I see my parents' street on that map!

----------

Obseedian
Posts: 11872
Incept: 2007-07-26
Silver
BBRY Central
Quote:
Now I've gone through Android with a pretty fine-tooth comb and I've not found what this person claims is being sent - that is, the IMEI (unique to each handset) or something similar.

Is it possible HTC has modified Android to add this "feature"?

----------
Would you give your money to these banks? http://bankimplode.com/list/troubledbank....

“Those who vote decide nothing. Those who count the vote decide everything.” - Joseph Stalin
J6p
Posts: 2603
Incept: 2008-10-07
Green
So how do I go about viewing this info myself on my Android device? I'm rooted with AOSP ROM.

----------
"Master your past in the present, or your past will master your future" -weirdchina
Genesis
Posts: 130796
Incept: 2007-06-26
Admin A True American Patriot!
Low: Copilot runs from the SD card (data is on the phone) so it does not require access to a data network. You can therefore shut the network connectivity OFF (or if you go into a place where there is none, it still works.)

That's an HTC HD2 running a Desire-based ROM. Rather hacked. Source is available for the OS and kernel.

----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?
Deepsee100
Posts: 1304
Incept: 2008-02-05

The Med
Battery problems! It's all the tracing that's going on in the background that's doing it...and Google Maps although handy isn't even accurate.

You're right Karl. Go CoPilot or...and I hope....TomTom and you just use the native GPS receiver for your position rather than having to be connected via wifi/gps..**** em! But you have to know how to hack or pay the premium.

ps: found maps that even worked out at sea and tracked on-board maps perfectly (even with tidal info...)

disclosure: htc desire 'modded'

----------
Next
Genesis
Posts: 130796
Incept: 2007-06-26
Admin A True American Patriot!
Tomtom doesn't have an Android version as of yet. Would have preferred it, but not available. Copilot works fine and is cheap.

----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?
Bohemian
Posts: 9658
Incept: 2010-07-27
Gold
California
Throw the cellphones in the trash. We did fine without them for years.

----------
"The politicians are put there to give you the idea you have freedom of choice. You don't. You have no choice; you have owners. They own you. They own everything." - George Carlin
Tumblebug
Posts: 430
Incept: 2010-03-04
Green
Oceania
Banned
This is why I don't have one. I don't trust that stuff and the 1996 communications act required all phones by 2000 to be trackable from cell towers. I said forget it. I have a Tom Tom and worry about it when I hook it up to my computer. So I leave it off until I actually have to have it.

I have noticed several times that it turned itself on. I was thinking it had some kind of glitch in it. Now I wonder. It stays off 99.9% of the time. But several times when I left work or left from home or came out of a store, that it was on. This is infrequent so it didn't bother me, other than it would run down the battery if I didn't catch it, it only charges when the ignition is on.

Who knows what these people are doing? Taking my Tom Tom out today. Only putting it back in if I need it. I know that when it is off it doesn't know where you are at because when you turn it on it takes it about 30 sec to a minute to find the satellites.

Update: I am going to wrap it in tinfoil and put it in the glove box. Paranoid? Maybe.

----------

Stockmonger
Posts: 2205
Incept: 2007-06-28

Orange County
The reason they are doing this is they are using cell phones to survey the land to enable cell tower based triangulation locationing as a backup when GPS is unavailable, particularly indoors. What your phone is transmitting is a combination of a GPS point and the visible cell towers and signal strengths at that site. This allows Google to later determine location solely by surveying the cell tower wireless fingerprint, even if GPS is unavailable. As cell towers are much more powerful and penetrate indoors, it will solve the problem with GPS failing when they go indoors, underground, etc.

This is crowdsourced data. Another company doing this is NAVIZON, only they actually pay people to walk around and do the same thing.

----------
occasionally I do like to see the other viewpoints of people not in my camp of theory, but I generally find it to be a waste of time. - Bear