Background
Posting pictures on social media is the trend these days. People like to show off their lifestyle, kids, vacations, material possessions, spouses, gf/bf/etc. While it is entirely an individual choice to do so, not many people are aware that pictures taken with mobile apps have built-in location services. Usually, these apps prompt the user with an option to either activate or deactivate it. There are sneaky apps that don't. Some can even activate it without your consent and sneakishly deactivate after you used it, however, this is no longer possible with newer versions of Android as Google has disallowed apps to directly access GPS service. Beware, there are apps available in the play store posing as legitimate ones. Though you are more likely to pick up malware from 3rd party sites. In case of iOS, the chance is less since 3rd party apps are not available on Apple phones.
What is Location Service?
Location service is basically GPS coordinates mapped onto a geographical map. Almost all mobile devices now have GPS chips built into it. People switch on GPS when using Waze or Google maps. Modern GPS locks on to 4 low orbiting satellites to home in your precise location and is accurate up to 4 meters! In the past, such accuracy was only available to the military. But these days, it is free for anyone. Google location service collates information from 3 different sources:
1. GPS - which is the primary choice and the most accurate.
2. WiFi Signal - accuracy depends on the signal strength, Google keeps a location list of common public hotspots such as airports, train terminals, Starbucks outlets around the world.
3. Cellular Base Station Transmission - accurate up to few hundred meters. Based on site triangulation of recipients' signal strength relative to the distance between 1 or more base stations.
1. GPS - which is the primary choice and the most accurate.
2. WiFi Signal - accuracy depends on the signal strength, Google keeps a location list of common public hotspots such as airports, train terminals, Starbucks outlets around the world.
3. Cellular Base Station Transmission - accurate up to few hundred meters. Based on site triangulation of recipients' signal strength relative to the distance between 1 or more base stations.
Location Service Dissected
In this article, I will explain how to detect location services in your pictures. Such data is also referred as metadata, or data about data. Firstly, lets take a photo with a location service turned ON.
Picture above was taken with Location Service turned ON
Most modern Operating Systems are able to detect metadata tags embedded in popular picture formats such as jpeg, gif, tiff, png and bmp. Here's an example of a GPS coordinate in a picture detected using Windows:
On Android:
Extensive metadata can be read using an EXIF tool. Here's a sample of metadata detected on Linux:
Who and Why Do We need Such Service?
From a commercial point of view, such information is useful for marketing purposes. Mobile apps are not free without a reason. There must be some commercial returns for providing a 'free' service. How do you think Google, FaceBook, Instagram, Twitter make so much $$$$? Whatever information you post, are stored for analytics on their servers. We are talking about terabytes of data from around the world! It can be used to create targeted advertisements based on individual preferences. Imagine, if you knew your customers precise location, favourite food, hangout spots, clothes, shopping behaviour, names, age, etc. They virtually know what products and services to entice you. These companies know alot about you than you are consciously aware. Location Service is just the tip of the iceberg. For example, Google & FB have been around for at least a decade, we have our emails, pictures, practically our whole life story stored on their servers! These giants also acquire other companies. A good example was the acquisition of Instagram & Waze by FB and Google respectively. So now, they also know where you travel and what you see! Reminds me of Skynet in the Terminator movie!
How To Protect Myself?
Unless you are a criminal or someone wanted, I wouldn't be too worried about your personal information being mined, afterall it is primarily for commercial purposes. But I would be careful of over exposing your personal information for everybody to see. These companies are usually govern by local privacy laws, depending on which country you live in, your personal information should be protected. However, that doesn't mean you should happily post information that can further incriminate you. Such as posting picture of your kids schools, your private residence, car registration, social security id, passport, banking details, etc. One very important step before you install any mobile app, is to check its permission settings. On Android, this can be seen in Settings - Apps - Apps Info. See screenshot below:
Note that the above app needs location service and camera permission. That means it can activate your phone's camera and GPS when needed ;-) where possible, you may opt to deactivate some of these permissions but your app might complain or cease to function. The final decision to install the app is up to you, if you are confident that the app is trusted, by all means, go ahead and install it.
Note that the above app needs location service and camera permission. That means it can activate your phone's camera and GPS when needed ;-) where possible, you may opt to deactivate some of these permissions but your app might complain or cease to function. The final decision to install the app is up to you, if you are confident that the app is trusted, by all means, go ahead and install it.
Screenshot Depicts the App Permission Settings which can be changed
Summary
The world is becoming smaller, with the advert of social media and the Internet, we are certainly more connected. Practising self censorship and user discretion is imperative in creating a safer world. Remember, information security is everyone's responsibility and it is our responsibility to educate the people that we love.
No comments:
Post a Comment