It’s up to Google to close this dangerous loophole.” Even if they eventually make good on that promise, abusers can still use Google tools to follow their victims everywhere else in the world. Paul added: “Google says it wants to protect women by removing abortion clinics from their location histories. Researchers have also pointed out that Reddit forums include posts from users who discuss how they discovered partners were cheating on them because they were logged in to their partner’s mobile phone via Gmail or other apps. We have a duty to warn people about how easy it is for someone to track them without their knowledge or consent.” The problem has only grown more urgent since then. Katie Paul, director of TTP, said: “Google was told that its own tools could be used for stalking nearly a year ago, and the company did nothing about it. Second, he said that his wife should have received an explicit warning that “someone else logged into on your phone”.Ĭontacted by the Guardian, Arntz said Google never responded to his issue report or to his blogpost, even though the blogpost received a lot of attention from privacy experts at the time it was published. In his case, as in TTP’s experiment, the Google timeline was enabled on his phone but not on his wife’s, so he noted that he should not have been able to receive the locations visited by her phone.
Under scrutiny android#
In that case, Arntz reported that he had inadvertently been able to “spy” on his wife’s whereabouts after he installed an app on his wife’s Android phone, which ultimately led him to receive updates on her location on his own phone.Īrntz said he submitted an issue report to Google with specific information about how he had obtained the location information, and made suggestions about how the company could take steps to protect users’ location data from inadvertently being shared.
TTP’s experiment replicated a similar finding that was published by a respected malware intelligence researcher, Pieter Arntz, on his blog in 2021.
“When TTP took a phone to an abortion clinic, the clinic’s exact location remained in Google’s location history for more than a week, suggesting that either Google has not yet implemented these changes or the company’s system for detecting and removing sensitive locations is faulty.” TTP said: “It is unclear how Google plans to implement these policies, and how long sensitive locations will remain on users’ location timelines before the tech giant deletes them.
Under scrutiny full#
A full week later, the clinic location remained in Google’s location history when viewed on the perpetrator’s phone and in a desktop browser. The route and time spent in the Planned Parenthood clinic was also viewable to the perpetrator via the Google Maps app on the perpetrator’s phone. In this case, the victim’s location history was turned off, but the perpetrator’s was enabled. Second, the same experiment showed that the victim’s visit to an abortion clinic, a Washington-based Planned Parenthood, was visible to the perpetrator and was not automatically deleted. First, if an Android user (described as a “perpetrator”) could get access to another user’s phone (described as a “victim”) and log into their own account using a Google app on the victim’s device, such as Google Play, the location history of the victim would then be visible to the perpetrator, without the victim being given any clear warning that they could be tracked.
In a report published on Thursday, TTP researchers made two findings after an experiment using two new Android phones. The supreme court’s decision to overturn Roe v Wade, the landmark ruling that ensured women had a federally protected right to get an abortion, has prompted concerns among privacy advocates about data collection policies that could be used to track women by their intimate partners or by law enforcement agencies in the event she was seeking access to an abortion.