Post by: Paul Ducklin | SOPHOS Naked Security | Published on: 09/13/2016


Android users have been complaining that a recent update to Google Play caused havoc with battery life.

The traditional explanations you’ll hear for an upsurge in power usage are “you must have a virus on your phone,” or “you probably turned on GPS without realizing it.”

We’ll ignore the “you got a virus” issue for now; it’s not relevant here. (In any case, please don’t rely on power consumption as an indicator of infection, because malware can do plenty of harm while hardly touching your battery.)

GPS is a receive-only technology – your phone isn’t energetic enough to communicate back to the GPS satellites, which orbit at an altitude of about 20,000km – but it’s still notorious for eating through batteries in order to keep up an accurate stream of location data.

Additionally, mobile phones on which you’ve authorized the collection of location data keep up an outbound data stream anyway, communicating back to one or more vendors via Wi-Fi or the mobile network.

That’s how the apps on your mobile phone always seem to know where you are: they generally do know where you are.

The obvious solution is to turn off location services altogether, but with Google Play showing up as the main culprit, why not use the granular, per-app permissions system in Android 6 and 7 to get the power-sapping Google Play off your tail while letting your other apps know where you are?

After all, you may have installed an app like Sophos Mobile Security, which requests access to location data up front in case it needs it to trigger its “find your phone” feature, but doesn’t need to call home all the time and therefore doesn’t flatten your battery.

You might consider it reasonable to leave your chosen security product in touch with your location, just in case you need to know where your phone is, while cutting off the Google apps that go after your location data incessantly because they want to know where you are.

No per-app choice for Google Play

It turns out you can’t do that.

The Android permission control subsystem that lets some apps read your location while blocking others is, it seems, brokered through Google Play Services itself.

Google Play essentially acts as a geolocation proxy: it keeps track of where on behalf of the entire device (and, of course, on behalf of Google), and passes that data on to other apps only if they’re authorized to access it.

If you go to Settings | Apps | Google Play services | Permissions, you’ll see the app has the right to read your location, with a toggle that implies that you can turn off location access for the Play Services app alone.

But the Google Play services app, however, can only be denied access to your location data if you turn location collection off entirely, unlike other apps such as Google Chrome or Sophos Mobile Security, where the per-app toggle works as expected.

In other words, if you want to allow even a solitary third-party app to have access to your geolocation data, you have to let the Google Play at that data, too.

And Google really does want to know where you are, because the moment-by-moment detail of your movements is worth money to Google, who can sell that data to advertisers in real time, for example as you walk near, walk into and then walk around a store.

Just like Minority Report.

If you want to opt out, you’re back where you were before Google introduced per-app permissions, with Location on or off your plain, binary choice.

OK, so not quite like Minority Report, because there is still a choice.

For now…


Would you like more information?

Click here or leave a comment below!

Reference Article:

Call Us