Used with permission from Norton by Symantec
With this little-known exploit, a mobile phone’s battery life can actually be used to track online behavior. Security researchers have found that the battery status API of mobile devices can be used to track people online. In some instances, this information can be used to upsell services purchased through a mobile app; ride-sharing “surge pricing” is one example. How else can this be used? Here’s what you need to know about the privacy and security issues raised.
What is the Battery Status API?
The Battery Status API was introduced in HTML5. It was intended to give site owners the information needed to serve a version of a website designed for users on low-power devices. This API “allows site owners to see the percentage of battery life left in a device, as well as the time it will take to discharge or the time it will take to charge, if connected to a power source” according to a news report on the research.
This is all seemingly harmless information. But as the security researchers pointed out, the combination of battery life as a percentage and battery life in seconds creates a pseudo-identifier for each mobile device. That is, a device can be identified as one out of 14 million possible combinations.
An AdBlocker or a VPN cannot prevent someone from taking advantage of the battery status API to identify you and track the sites you visit. However, there is some degree of safety in numbers — you’re one of 14 million possible computers.
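The pairing described above, shown as an added example that is not part of the original article: two sites' constructed logs are matched on the battery percentage and seconds-remaining pair, then matched again after an assumed mitigation that reports both values only in coarse bands. The visitor labels, sample readings and the 25% / one-hour bands are assumptions; `level` and `dischargingTime` are the API's own property names.

```javascript
// Constructed sample data (not from the article): readings shaped like the
// Battery Status API's level (0..1) and dischargingTime (seconds) values, as
// two unrelated sites might record them for their own visitors.
const siteA = [
  { visitor: "a1", level: 0.43, dischargingTime: 8940 },
  { visitor: "a2", level: 0.91, dischargingTime: 20160 },
  { visitor: "a3", level: 0.43, dischargingTime: 9000 },
];
const siteB = [
  { visitor: "b1", level: 0.91, dischargingTime: 20160 },
  { visitor: "b2", level: 0.43, dischargingTime: 8940 },
  { visitor: "b3", level: 0.17, dischargingTime: 2520 },
];

// Exact pair: battery percentage plus seconds remaining.
function exactKey(r) {
  return `${Math.round(r.level * 100)}|${r.dischargingTime}`;
}

// Assumed mitigation: expose only 25% level bands and whole hours remaining.
function coarseKey(r) {
  const band = Math.floor(Math.round(r.level * 100) / 25);
  return `${band}|${Math.floor(r.dischargingTime / 3600)}`;
}

// For each site B visitor, list the site A visitors that share the same key.
// Exactly one candidate means the two visits can be tied to one device;
// several candidates is the "safety in numbers" case.
function candidates(a, b, keyFn) {
  const byKey = new Map();
  for (const r of a) {
    const k = keyFn(r);
    byKey.set(k, [...(byKey.get(k) || []), r.visitor]);
  }
  return Object.fromEntries(b.map((r) => [r.visitor, byKey.get(keyFn(r)) || []]));
}

const exact = candidates(siteA, siteB, exactKey);
const coarse = candidates(siteA, siteB, coarseKey);
console.log("exact readings: ", exact);
console.log("coarse readings:", coarse);
```

With exact readings, b2 matches a single site A visitor; with coarse readings, the same visit is indistinguishable from a second device that falls in the same band.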
It isn’t known precisely whether website owners, be they advertisers or other companies, are actively using or tracking information from the battery status API. As the story develops, the privacy or security implications may become better known. Want to learn more about protecting your mobile privacy and security? Read on for a few best practices.
Mobile Security Best Practices
- Download apps from official app stores. Third-party app stores may not put apps through the same rigor as official app stores such as the Google Play Store or Apple’s App Store.
- Avoid connecting to public Wi-Fi from your mobile. An unsecured Wi-Fi hotspot could put your mobile data at risk.
- Check an application’s settings before you download. Beware of apps that ask you to disable settings, which can leave your device’s security vulnerable or allow access to data in your phone’s memory that can compromise your privacy.
- Use a reputable mobile security app. Norton Mobile Security scans apps before you download using App Advisor (powered by Norton Mobile Insight), which automatically lets you know about malware, privacy and other risks. This proactive protection also includes lost or stolen device recovery, which can set off an alarm to find the device fast, or show the location of your missing phone or tablet on a map.