For the past 11 months, devices running on Android software have been sending “Cell ID codes,” which contain data on the addresses of nearby cellular towers, to Google, according to a report from Quartz.
After Quartz discovered the devices were collecting data, Google admitted to the practice.
“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery,” a Google spokesperson told Quartz.
Every time a device with a cellular data or WiFi connection came within range of a new cell tower, it would broadcast the addresses of nearby cellular towers and send the data to Google. However, the company said the data is “distinctly separate” from Location Services, which sends a device’s location to the applications.
Cell ID data only provides an approximate location of a mobile device, not a precise GPS location. However, a hacker could use other nearby cell towers to triangulate a user’s location to within a quarter-mile radius. A more narrow radius could be obtained for users in urban areas, where cell towers are much closer together.
There are more than 200,000 cell phone towers in the US, with a maximum range of less than 22 miles, according to Statistic Brain.
Google noted that the Cell ID data sent to their servers was encrypted, but Quartz noted that a hacker could divert the data to be collected by a third party through the use of spyware or other means.
Quartz found that the location-sharing was occurring on all modern Android devices. The report states that Android devices were sharing their location even when there was no SIM card installed and the user disabled location services.