If you’re obsessed about privacy, this should be a bad day for you: according to a research done over at CNET, Google is tracking users through their individual device addresses and making them searchable. How does it work? We’ll explain.
Most companies that own any kind of location services, such as Google, Microsoft or Apple, track the location of every device’s individual address as long as its connected to a Wi-Fi network. Those "individual addresses" are known as MAC addresses and are different for every device that’s able to connect to a network, much like fingerprints, and unlike IP addresses, these are embedded to the hardware itself. Android locates all visible MAC addresses on wireless networks nearby and sends the data back to Google.
While that alone might be enough to upset a few users, it now turns out that Google has made those MAC addresses fully searchable on its Maps service, theoretically allowing the location of users to be searched. That could be particularly creepy, or even dangerous, if criminals manage to get their hands on the MAC addresses of their victims, which can be easy if they have access to the hardware.
The situation might not be as bleak as it’s being made out to be, however. Google said in a statement that the MAC addresses of mobile devices are discarded:
We collect the publicly broadcast MAC addresses of Wi-Fi access points. If a user has enabled wireless tethering on a mobile device, that device becomes a Wi-Fi access point, so the MAC address of such an access point may also be included in the database. Wi-Fi access points that move frequently are not useful for our location database, and we take various steps to try to discard them.
Still, some mobile addresses might sneak by, leading to the dangerous scenario we mentioned above. Even if mobile devices aren’t tracked at all, having all remaining MAC addresses searchable could still pose a risk, since it could reveal a user’s home address to someone ill-intentioned.
It’s important to keep in mind that it’s fairly difficult to obtain a MAC address remotely, which will likely keep pranksters from setting off a smelly bomb at your doorstep. However, users should somehow have the right to opt-out of being tracked entirely, if they so wish.