Google’s “Latitude”: A major security flaw in Google’s global phone tracking system
One day after the global launch of Google’s “Latitude” phone tracking system, Privacy International has identified what appears to be a fundamental design problem that could substantially endanger user privacy.
Google Latitude, a new service from Google that allows you to send your location to Google Maps and share it with friends via many mobile phones.
With Google Latitude, you can:
- See where your friends are and what they are up to
- Quickly contact them with SMS, IM, or a phone call
- Maintain complete control over your privacy
Latitude is not a separate service that people need to separately adopt and configure but an extension of existing Maps for Mobile functionality. People simply need to download the latest version of Maps for their phone and opt-in to location sharing.
Latitude’s location-awareness capabilities are built on Google’s Wifi and cell tower triangulation that form the basis for its My Location tool.
After studying the system documentation, PI has determined that the Google system lacks adequate safeguards to protect users from covert opt-in to Latitude’s tracking technology. While it is clear that Google has made at least some effort to embed privacy protections, Latitude appears to present an immediate privacy threat.
Latitude is based on a reciprocal opt-in system. That is, before a person can be tracked, a sharing arrangement must be agreed with a requesting party. After this process has been executed, location data is made available on a time-to-time or continuous basis. On the face of it, this arrangement might seem an adequate protection. However this safeguard is largely useless if Latitude could be enabled by a second party without a user’s knowledge or consent. Privacy International believes this risk is substantial and could in the future adversely affect millions of phone users.
The following scenarios has been considered as some of the ways that the service can be abused:
- An employer provides staff with Latitude-enabled phones on which a reciprocal sharing agreement has been enabled, but does not inform staff of this action or that their movements will be tracked.
- A parent gifts a mobile phone to a child without disclosing that the phone has been Latitude-enabled.
- A partner, friend or other person gains access to an unattended phone (left on a bar on in the house) and enables Latitude without the other person’s knowledge.
- A Latitude-enabled phone is given as a gift.
- A phone left unattended, for example with security personnel or a repair shop, is covertly enabled.
Privacy International believes Google has created an unnecessary danger to the privacy and security of users. It is clear the company is aware of the need to create a message alert on Latitude-enabled phones but has chosen to launch the service without universal access to this safeguard. The Director of Privacy International, Simon Davies, said:
Many people will see Latitude as a cool product, but the reality is that Google has yet again failed to deliver strong privacy and security. The company has a long way to go before it can capture the trust of phone users.
As it stands right now, Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends. The dangers to a user’s privacy and security are as limitless as the imagination of those who would abuse this technology."