This Android security flaw could let hackers follow all your movements

An innocuous-looking feature on Android devices was accidentally discovered by cybersecurity researchers as a means of spying on the whereabouts of another user, without the need to install additional stalkerware apps.

Malwarebytes researcher Pieter Arntz discovered the issue after he signed in to his Google account on his wife’s phone. Unexpectedly, however, this enabled him to track the movements of his spouse using the Google Maps Timeline feature.

“After I logged out of Google Play on my wife’s phone the issue was still not resolved. After some digging I learned that my Google account was added to my wife’s phone’s accounts when I logged in on the Play Store, but was not removed when I logged out after noticing the tracking issue,” noted Arntz.

Arntz subsequently reported the issue to Google, but was told that the behavior is in fact a feature and not actually a bug.

Flawed feature

While Google might treat this as a legitimate feature, and not a bug, Malwarebytes, as one of the founding members of the Coalition Against Stalkerware (CAS), is treating it as a potential flaw since its misuse would constitute what it refers to as “tech enabled abuse.”

“This is more aptly a design and user experience flaw. However, it is still a flaw that can and should be called out, because the end result can still provide location tracking of another person’s device,” asserts Arntz.

He suggests a few things Google could improve to prevent the feature from being misused.

Firstly, Google needs to rein in the overzealous nature of the feature. Since the Timeline feature was enabled on Arntz’s device and not his wife’s, he feels he should not be receiving the locations visited by her phone in the first place.

Secondly, while he received a warning when he signed into his account on her phone, Google should ensure that a similar “someone else logged into Google Play on your phone” warning is also sent to his wife’s phone.

Finally, Arntz feels that Google should do a better job of displaying the currently logged-in users instead of only showing the first letter of the Google account user.

For its part, Malwarebytes advises all Android users to check if any additional Google accounts have been added to their phone, and remove them manually to mitigate the risk of this flawed feature.