Android 11 to clamp down on background location access – Naked Security

Is Android finally about to get on top of apps that quietly suck up location data?

Google’s been wrestling with the issue for years but each control it has introduced has turned out to have exceptions that app makers are happy to exploit.

Some apps need location access to work (SatNav, weather apps, carrier services), some need it some of the time (shopping apps, social media), while most of the rest rarely or never need it at all.

And yet, with Android 11 in the works, Google finds itself having to refine location access once again by announcing a lock on how apps access location even when they have general access permission.

The problem is apps that continue to track device location even when they are not being used, otherwise known as background access – something users only acquired some granular control over in Android 10 last year.

Now, to batten down the hatches for good, the search giant has upped the ante – by forcing developers to submit apps to Google for checking to make sure their location access design is legit.

A quick recap…

In Android 6, 7 and 8, app location access was handled by a toggle between on and off, with a separate option to do so using ‘high accuracy’ mode (i.e. using Wi-Fi, Bluetooth, mobile networks in addition to GPS).

Android 9 continued the on/off toggle for app access but turned high accuracy mode into the global default when location access was turned on (turning it ‘off’ disabled everything bar GPS).

In all cases, apps that wanted to access a device’s location had to ask permission, in effect turning the slider to ‘on’ on behalf of the user.

But once turned on, that permission proved tempting to abuse by apps looking to siphon off as much commercially valuable data about device users as possible, whether that was necessary for the app to function as advertised or not.

Frankly, this was a bit of a mess. A 2019 study discovered that apps with location permission could use covert and side channels to quietly share it with other apps that had been denied the same access, all handily enabled by third-party SDKs. Another 2019 study showed just how much can be inferred about people’s lives from simple location data.

National Cyber Security Consulting App







National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.