UPDATE: Google has corrected this behavior as of Android OS 5.0 (“Lollipop”).
Every time you turn on ‘Location’ services on anAndroid phone, you’re shown a ‘Location consent’ prompt, like this one:
GPS is a ‘passive’ system – a GPS receiverfigures outyourgeographic coordinates by finding a signal from at least threeGPS satellitesin the sky above. Technologies like Assisted GPS also use the mobile network to improve the speed and precision of the satellite ‘fix.’ To return information other than map coordinates (like a specific address), your phone needs to download map information in your surrounding area from the internet. By touching ‘Agree,’ you give your phone permission to share location data with various apps and services, like Google Maps.
To conserve battery life, Google’s ‘enhanced’ location services allow Android phones to determine your location without using GPS. An Android phone with ‘enhanced’location services enabledwill send data about nearby Wi-Fi networks to Google – Google will check its database of Wi-Fi access points to see where those networks are located, based on information collected by Google’s Street Viewvehicles and by other Android users. The advantage is obvious: GPS consumes a lot of battery power, and (if your Wi-Fi is already turned on) checking for nearby networks costs no battery.On top of that, the GPS can get a lock much quicker using theapproximated location given by Google.
However, there are a fewprivacy concerns with Google’s ‘enhanced’ location services. Last year, the Electronic Frontier Foundation tested a variety of recentAndroid phones and discovered that many of them ‘leaked’ the names of networks they’d previously connected to, providing “dangerously precise” location histories to ‘eavesdroppers,’ likethe N.S.A.orretail outlets collecting marketing data. Google is especially interested in thiskind of information because of its developmentof ‘location-aware‘ mobile advertisements (Google Now already notifies users when they’re near a retail store offering an item they’ve recently searched for, for example).Although Google insists that it ‘anonymizes’ the location data, researchers at M.I.T. argue that the‘traces’ of information left by mobile devices are “highly unique,” and can be easily identified “using little outside information.”On top of this, it’s sometimes difficult to know what all your other apps willdo withthe location data they receivefrom Google.
‘Enhanced’ location services provide a lot of useful functionality, but some users may not be comfortable continuously sharing their location information even when no apps are running. Rather than explain how the service works and clarify its privacy risks, Android has a clever user interface ‘trick’ to encourage users to turn ‘enhanced’ location on:
When the user checks ‘Don’t show again’ on the ‘Use enhanced location service?’ prompt, the ‘Disagree’ option turns gray and can no longer be selected. Unchecking ‘Don’t show again’ will restore the ‘Disagree’ option… but the prompt will still appear the next time you turn Location on. The ‘trick’ is, if youselect ‘Don’t show again,’ you must waitseveral seconds… eventually the dialog box will disappear, and your preference will be saved (although in some cases, like on the Settings screen, the box will actuallynever disappear, and you have to wait all the way until the screenshuts off). Graying out the ‘Disagree’ button and adding this annoying‘waiting period’ discourages users from hiding the prompt, making it much more difficult to “opt-out” than it is to “opt-in”– thisseems to be theonly reasonfor including this designelement.Google offers a variety of useful tools, but their applications should help users make educated decisions about their data, not resortto deceptiveuser interfacedesigntopressure peopleinto using their services.
Learn more about your data – sign up for the Sherbit private beta here.