Security News > 2021 > September > Google Play Sign-Ins Allow Covert Location-Tracking
It's possible to track someone's user location via Google Play sign-ins, a researcher has discovered - a potential stalker avenue that, so far, the internet behemoth has yet to address.
In short: Arntz logged into his Google Play account from his wife's phone, in order to pay for an app that that she wanted to install.
"The timeline is an often-overlooked Google feature that 'shows an estimate of places you may have been and routes you may have taken based on your Location History.' I was curious to see what Google records about me, even though I never actively check in or review places."
Thinking that logging out of Google Play on his wife's phone would resolve the issue, Arntz was surprised to see that Google automatically added his account to his wife's phone.
"After some digging I learned that my Google account was added to my wife's phone's accounts when I logged in on the Play Store, but was not removed when I logged out after noticing the tracking issue," he said - forcing the need to manually remove his account from settings.
Another easy fix would be to send an alert to the user that the phone's location is being shared to a different phone with Timeline enabled - or, at the very least, that someone else logged into Google Play from one's device.
News URL
https://threatpost.com/google-play-covert-location-tracking/169151/
Related news
- Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries (source)
- Anatsa Android malware downloaded 150,000 times via Google Play (source)
- Apps secretly turning devices into proxy network nodes removed from Google Play (source)
- Free VPN apps on Google Play turned Android phones into proxies (source)