The intelligence agency warns of location tracking risks and offers tips for how to reduce the amount of data shared
The United States’ National Security Agency (NSA) has published guidance on how to reduce the variety of risks that stem from having your location tracked when using smartphones, IoT devices, social media and mobile apps. Despite being geared towards military and intelligence personnel, the advice can be useful for anybody who’s looking to limit their location exposure.
“Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations,” according to the intelligence agency.
The guidance notes that a powered-on smartphone exposes your location – regardless of whether or not you’re actively using the device. “Mobile devices inherently trust cellular networks and providers, and the cellular provider receives real-time location information for a mobile device every time it connects to the network. This means a provider can track users across a wide area,” said the agency.
On a related note, a smartphone can reveal its location even if both the Global Positioning System (GPS) and cellular service are offline or disabled – relying on Wi-Fi and Bluetooth connections to do the job. This could provide ample opportunity for adversaries to track their targets using wireless sniffers, even if their potential victims aren’t using any of the wireless connections actively, said the NSA.
The intelligence agency also stressed the need to distinguish between location services, which are services provided by devices to apps, and GPS. “Perhaps the most important thing to remember is that disabling location services on a mobile device does not turn off GPS, and does not significantly reduce the risk of location exposure. Disabling location services only limits access to GPS and location data by apps,” according to the agency.
And it’s not just phones…
Similar risks are associated with other devices that send and receive wireless signals, including all sorts of Internet of Things (IoT) devices, fitness trackers, medical equipment, and smart home devices. However, staying safe while using these devices is easier said than done, not least because many of these gadgets don’t provide the option to turn their wireless features off. Indeed, the privacy and security of IoT devices in general leave a lot to be desired.
The agency also noted that many mobile apps request users’ permissions for location tracking although it isn’t necessary for them to operate. “Apps, even when installed using the approved app store, may collect, aggregate, and transmit information that exposes a user’s location,” said the NSA. ESET Chief Security Evangelist Tony Anscombe recently discussed the issue at length.
How to limit the risks
“While it may not always be possible to completely prevent the exposure of location information, it is possible – through careful configuration and use – to reduce the amount of location data shared,” said the NSA. To this end, the agency recommended a bunch of tips on how to reduce the amount of location data shared and so mitigate the risks of being tracked. They include:
- disabling location services settings on your device.
- disabling all the radio transmitters while you’re not using them (Bluetooth and Wi-Fi).
- using a Virtual Private Network to help conceal your location.
- giving apps as few permissions as possible.
- being very cautious about what you share on social media; metadata on pictures, for example, could contain location information.