Security News > 2021 > September > Google Play Sign-Ins Allow Covert Location-Tracking

Google Play Sign-Ins Allow Covert Location-Tracking
2021-09-02 16:03

It's possible to track someone's user location via Google Play sign-ins, a researcher has discovered - a potential stalker avenue that, so far, the internet behemoth has yet to address.

In short: Arntz logged into his Google Play account from his wife's phone, in order to pay for an app that that she wanted to install.

"The timeline is an often-overlooked Google feature that 'shows an estimate of places you may have been and routes you may have taken based on your Location History.' I was curious to see what Google records about me, even though I never actively check in or review places."

Thinking that logging out of Google Play on his wife's phone would resolve the issue, Arntz was surprised to see that Google automatically added his account to his wife's phone.

"After some digging I learned that my Google account was added to my wife's phone's accounts when I logged in on the Play Store, but was not removed when I logged out after noticing the tracking issue," he said - forcing the need to manually remove his account from settings.

Another easy fix would be to send an alert to the user that the phone's location is being shared to a different phone with Timeline enabled - or, at the very least, that someone else logged into Google Play from one's device.


News URL

https://threatpost.com/google-play-covert-location-tracking/169151/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 995 4843 2751 1634 10223