Your Android phone might be broadcasting your Wi-Fi history

Is your phone's Wi-Fi always on? If you're on Android that might be a very bad idea

Coming hot on the heels of Heartbleed there's another potential security problem, this time for Android users. The Electronic Frontier Foundation says that your Android phone could be broadcasting your Wi-Fi location history to anyone who knows how to find it.

Apparently when your phone's screen is turned off and it is not connected to Wi-Fi, it's likely that your phone is leaking the names of the wireless networks you were previously connected to. Why is this a big deal? Those Wi-Fi hotspots often have unique identifiers and could help people track where you have been, where you work, places you frequent. That's enough for anyone's innate privacy alarms to go off.

No you can't see where I Wi-Fi

Even if said Wi-Fi hotspots are generically named, there are ways to look up those hotspots.

Apple on the other hand recently decided to randomise MAC addresses in iOS 8, which means that any phone running the OS will not be broadcasting your user location history.

But why does this broadcasting of past networks happen anyway? Well, it's a method phones that aren't connected to Wi-Fi use to try and speed up connections, and it's also a necessity to connect to hidden networks that don't broadcast themselves the way normal Wi-Fi networks do. It's the equivalent of a phone going, "Psst, are you there?" and waiting for a response.

READ MORE: 8 things you need to know about Android L

EFF made this discovery after doing tests that found many Android phones leaked the names of saved networks, up to a limit of 15. Though other platforms may also exhibit this weakness, at the present time EFF says Android is the most susceptible.

This is thanks to a feature called Preferred Network Offload (PNO) that was designed to help maintain Wi-Fi connectivity even in low-power mode (or with the screen turned off).

Google did respond to EFF's findings and apparently a patch has been submitted to wpa_supplicant that fixes the issue. But it will take time to make into general Android updates. So what can you do until then? Just go to your phone's Advanced Wi-Fi settings and set the "Keep Wi-Fi on during sleep" to "Never". This doesn't work on all phones, though so you might need to disable Wi-Fi entirely when you aren't connecting or manually forget networks you don't want to broadcast.

In the meantime, check out Android security apps like Cerberus for added peace of mind.

[Via 9to5Google]

More after the break...