Not long after we had to deal with Heartbleed, another security problem looms but this time for Android users. The Electronic Frontier Foundation says that your Android phone could be broadcasting your Wi-Fi location history to anyone who knows how to find it.
Apparently, when your phone's screen is turned off and it is not connected to Wi-Fi, it's likely that your phone is leaking the names of the wireless networks you were previously connected to. Why is this a big deal? Those Wi-Fi hotspots often have unique identifiers and could help people track where you have been, where you work and the places you frequent. That's enough for anyone's innate privacy alarms to go off.
No you can't see where I Wi-Fi
Even if said Wi-Fi hotspots are generically named, there are ways to look up those hotspots.
Apple, on the other hand, recently decided to randomise MAC addresses in iOS 8, which means that any phone running the OS will not be broadcasting your user location history.
But why does this broadcasting of past networks happen anyway? Well, phones that are not connected to Wi-Fi do it to try to speed up connections, and it is necessary for connecting to hidden networks that do not broadcast themselves the way normal Wi-Fi networks do. It's the equivalent of a phone going: "Psst, are you there?" and waiting for a response.
EFF made this discovery after doing tests that found many Android phones leaked the names of saved networks, up to a limit of 15. Though other platforms may also exhibit this weakness, at this moment EFF says that Android is the most susceptible.
This is thanks to a feature called Preferred Network Offload (PNO) that was designed to help maintain Wi-Fi connectivity even in low-power mode (or with the screen turned off).
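The "are you there?" message described above is an 802.11 probe request, and the network name travels in its SSID element. The following is an added example, not code from EFF or the original article: it parses frames from a capture of your own phone and lists the saved network names it sends, so you can check whether a settings change stopped the leak. It assumes raw 802.11 frames with any capture header (such as radiotap) already stripped; the function names, MAC address and sample frames are constructed for illustration.

```python
import struct

HDR_LEN = 24          # 802.11 management header: FC, duration, 3 addresses, seq
PROBE_REQ = 0x40      # frame-control byte 0: version 0, type 0 (mgmt), subtype 4

def build_probe_request(src_mac: bytes, ssid: bytes) -> bytes:
    """Build a minimal probe request. Used only to construct sample input."""
    bcast = b"\xff" * 6
    hdr = struct.pack("<HH", PROBE_REQ, 0) + bcast + src_mac + bcast + b"\x00\x00"
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # Supported Rates element
    return hdr + bytes([0, len(ssid)]) + ssid + rates

def probed_ssid(frame: bytes):
    """SSID named in a probe request: '' means wildcard, None means not a
    (well-formed) probe request."""
    if len(frame) < HDR_LEN or frame[0] != PROBE_REQ:
        return None
    pos = HDR_LEN
    while pos + 2 <= len(frame):                    # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length or (tag == 0 and length > 32):
            return None                             # truncated or oversized SSID
        if tag == 0:
            return value.decode("utf-8", errors="replace")
        pos += 2 + length
    return None

def leaked_names(frames):
    """Map each source MAC to the network names it probed for by name."""
    leaks = {}
    for f in frames:
        ssid = probed_ssid(f)
        if ssid:                                    # non-empty SSID = directed probe
            leaks.setdefault(f[10:16].hex(":"), set()).add(ssid)
    return leaks

# Constructed sample capture: one test phone, two saved networks, one wildcard probe.
PHONE = bytes.fromhex("020000000001")
SAMPLE = [
    build_probe_request(PHONE, b"HomeNet-Example"),
    build_probe_request(PHONE, b""),
    build_probe_request(PHONE, b"Office-Example"),
    b"\x80\x00" + b"\x00" * 22,                     # beacon header: must be ignored
]

if __name__ == "__main__":
    for mac, names in leaked_names(SAMPLE).items():
        print(mac, "leaks saved networks:", sorted(names))
```

A wildcard probe (empty SSID) reveals no network name, so only the named probes are reported; an empty result for your phone's MAC after the screen has been off for a while means it is no longer naming saved networks.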
Google did respond to EFF's findings and apparently a patch has been submitted to wpa_supplicant that fixes the issue. But it will take time to make it into general Android updates. So what can you do until then? Just go to your phone's Advanced Wi-Fi settings and set "Keep Wi-Fi on during sleep" to "Never". This doesn't work on all phones, though, so you might need to disable Wi-Fi entirely when you aren't connecting or manually forget networks you don't want to broadcast.
In the meantime, check out Android security apps like Cerberus for added peace of mind.