Let’s say you decide to check a few emails on your Android smartphone from your favorite Starbucks for a few hours before heading into work for the day, and then connect to an open network on the subway during your morning commute. Before arriving to the office, you’ve already connected to two open WiFi networks. Seems pretty harmless, right? Think again.
A study recently published by the Electronic Frontier Foundation (EFF) states that Android smartphones (not less than three years old) run the risk of broadcasting precise location details to any other device connected to a WiFi network within range. This has been traced to the Preferred Network Offload (PNO) functionality, which runs on Google’s legacy Honeycomb operating systems (Android 3.1).
Because cellular usage can drain battery faster than WiFi, PNO allows users to connect to familiar, previously used WiFi networks even when the screen is off. Although this was designed with energy saving capabilities in mind, it certainly leaves much to be desired when it comes to security.
Findings in the EFF report state that PNO could result in broadcasting 15 recent network lists from your history with very precise location details. Hackers within WiFi range can easily intercept this information and determine places the owner has visited. The report also states that phones can broadcast recent location details even when the phone is NOT connected to WiFi.
Studies show Android’s running the 3.1 operating system run the greatest risk of this security flaw. The Nexus and Droid models, along with the HTC One, are on the list of affected devices.
What can you do to stay safe when using your Android smartphone to connect to WiFi networks? Industry experts suggest using secure, encrypted wireless network connections whenever possible. However, when WPA2-Enterprise is not available, the solution to the Android issue is pretty simple, but may cost you in battery power. Navigate to your device’s “Advanced WiFi Settings” panel and switch “Keep WiFi on during sleep” to Off.
In this case, sacrificing battery power for safer browsing on your smartphone is well worth the extra trouble. The Android security flaw was reported to Google and EFF noted that a patch was recently designed to combat the location tracking issue.