A new report shows that Google has been accessing data about Android users' locations, even when the user believes that the data is being kept private.
According to a report from Quartz, Google has been able to access users' data about their locations due to Android phones collecting addresses of cell towers. That data is then sent back to Google, which may be an invasion of privacy, the report says.
Google confirmed the practice to Quartz, but said that it was ending the practice at the end of the month, Quartz reported.
“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery,” a Google spokesperson told Quartz. “However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”
"To ensure messages and notifications are received quickly, modern Android phones use a network sync system that requires the use of Mobile Country Codes (MCC) and Mobile Network Codes (MNC)," a Google spokesman told Fox News.
"This apparent disregard for users’ data privacy needs to end," Mike Kail, CTO and Cofounder, of security company CYBRIC told Fox News via email. "Perhaps it is time for the US to consider regulations similar to the forthcoming GDPR in the EU to institute greater transparency around the collection of personal data, including location, and providing a mechanism for users to have greater control over what data gets stored and where."
A source familiar with the matter said it was not used for ad-serving purposes, but rather to improve what Google calls its "heartbeat system," which ensures "that phones remain connected and that people get their messages."
"In order for Android users to receive notifications and messages quickly, an Android device needs to maintain a persistent connection to Google servers using Firebase Cloud Messaging," the source added. "To maintain this connection, devices need to ping the server at a regular interval."
Google has built its business on advertising, of which location sharing is an important part. In its most recent quarter, parent company Alphabet said it generated $27.7 billion in revenue, of which just over $24 billion came from advertising. Between Google and Facebook, they take in nearly 85 cents of every $1 spent on digital advertising. according to some estimates.
Research firm eMarketer said in September it expects the duopoly to account for 63.1 percent of total U.S. digital ad spend, up from a prior outlook of 60.1 percent.
Eric Feinberg, of GIPEC-Cyber Intelligence Company, believes this practice is a huge risk for people, especially people whose location have to be hidden for a reason. "I think it has the possiblity of putting people at risk, especially users in the military and government jobs that may not want that may not want their locations disclosed due to the sensitivity of these jobs," Feinberg told Fox News via email.
There are approximately 215,000 cell towers in the U.S. as of September 2017, compared to just 900 in 1985, prior to the modern day explosion of smart devices such as phones and tablets. On average, the maximum range of a cell tower is just under 22 miles, but if multiple towers are used, it could pinpoint a user's location to approximately a quarter-mile or closer if it's in an urban area, like a major city.
Quartz noted that the tracking practice did not appear to be limited to any one Android phone or tablet. Even after the device was reset to a factory default setting and location services were disabled, Quartz still noted that the location was being transmitted to Google.
Follow Chris Ciaccia on Twitter @Chris_Ciaccia. This story has been updated to include comments from CYBRIC and Google.