Google likely has the most accurate "IP Address <-> Location" map of any company. They have all the data necessary for a true "god mode" view of the internet map. Consider the data they have:
- Google Maps cars collecting WiFi SSIDs
- Android phones collecting WiFi SSIDs
- Chromecast scanning internal networks
They know the names of the networks behind public IPs, they know where the networks are, and they know who connects to them.
Sometimes I wonder if IPv6 will ever be truly adopted, or if big companies have mined so much IPv4 data that they have little incentive to switch all systems to IPv6. Not everyone has the level of access and insight to IPv4 networks that big companies do. When every device has a unique IP, big companies will lose a competitive advantage.
They are also willing to share their knowledge: you can do 100 requests per day for free to https://developers.google.com/maps/documentation/business/ge..., or pay up to have basically unlimited access (that's for wifi routers and gsm towers, they work much better than IP addresses for the reasons you mentioned).
WiFi as a location technology is well-known -- http://www.skyhookwireless.com for example has been selling this data for a decade.
What seems to be new here is that Android is very permissive and leaky with WiFi access point data, which allows an app to reverse-engineer location without specifically asking permission to know your location.
Your claim that Android scans for APs even when WiFi is off is a very interesting one, which raises a lot of concern for privacy but also for RF interference -- if I say I want a radio to be off, then I expect it to be OFF, dammit!
It's true: Skyhook, Google, Apple, and Microsoft have been doing it for a while. Even more, there are free databases that you can use to map WiFi routers to locations (for example wiggle.net), but for some reason this is still not enough for Google to treat WiFi as equivalent to location. This also has consequences in age rating: if you explicitly require location access, you fall into a different age category than if you require "only" the WiFi permission.
You can control the scanning settings in settings -> WiFi -> advanced -> scanning always available. It's ON by default, but you can disable it there.
Apart from what you mention, what is new is the measurement of how many access points you actually need to know to track my location: it's costly to look up all the routers I see during a day, but we show that people spend a vast majority of the time close to a very small number of unique access points (~20 routers per person over 6 months).
I am not sure this is a new threat; a user's list of known SSIDs has been a recognized threat to privacy for a long time. You do not even need to have an app installed on Alice's phone to track her location. All Eve has to do is listen for beacon probes from Alice's laptop and Eve can get a good picture of where Alice has been and more: "Show me your SSIDS I'll tell you who you are"[1]
Yes, but:
1) you can circumvent this problem by randomizing your MAC between probes, as Apple already does, and that doesn't help with the threat we present
2) SSIDs are not unique - when it says "airport" it can be any airport. When you have access to the MAC of the device, you can pinpoint it uniquely - that's the threat we present.
3) with the threat you link, you theoretically might be able to recover some of the past locations of the user where they did connect to WiFi. With the threat we present you get the location history with time resolution of up to 20 seconds, whether the user connects to WiFi or not, and even if they disable WiFi, and you don't have to control any routers. I would say this constitutes a novelty.
=== EDIT ====
4) the link only mentions a theoretical possibility, we show that the threat is real based on real data collected over 6 months about multiple people.
This is something different: they just know when you visit a location with a router that they control.
We show that you don't need to control any routers to track people's location, as long as you have an app with the "WiFi information" permission (and most of the apps do have it).
Did you watch the network traffic that apps send home? I would be curious to know, of the top games in the app store that see WiFi data, how many of them actually send it back to their servers.
I've been running mitmproxy for a project, giving me rare insight into the data that leaves my phone. It's amazing how often Android/iOS apps "phone home." Every few seconds, Apple and Google servers receive a request from my phone with fingerprint information sufficient to pinpoint my location on a map. Usually the current WiFi SSID is included in that.
It has me wondering if there is viability in a consumer-grade "man in the middle" router for auditing/filtering the traffic leaving the user's home network.
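An added example, not part of the thread: a sketch of the kind of audit discussed above, flagging outbound requests whose URL or body carries access point identifiers (any BSSID-shaped value, or SSIDs you list). The request records, hostnames, SSID and BSSIDs are constructed; in practice the records would come from a proxy capture such as mitmproxy's.

```python
import re
from urllib.parse import unquote

# A BSSID is six hex octets separated by ':' or '-'; the lookarounds
# stop the pattern from matching inside a longer hex/colon run.
BSSID_RE = re.compile(
    r"(?<![0-9A-Fa-f:-])(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f:-])"
)

def normalize_bssid(value):
    """Canonical form: lowercase, colon-separated."""
    return value.lower().replace("-", ":")

def find_wifi_leaks(requests, known_ssids=(), known_bssids=()):
    """Return one finding per request that exposes AP identifiers.

    requests: iterable of dicts with 'host', 'url' and optional 'body'.
    known_ssids / known_bssids: your own networks, to separate "my AP
    was reported" from "some AP-shaped value was seen".
    """
    own = {normalize_bssid(b) for b in known_bssids}
    findings = []
    for req in requests:
        # Decode percent-encoding so aa%3Abb%3A... in a query string is seen.
        text = unquote(req["url"]) + "\n" + req.get("body", "")
        bssids = sorted({normalize_bssid(m) for m in BSSID_RE.findall(text)})
        ssids = sorted(s for s in known_ssids if s in text)
        if bssids or ssids:
            findings.append({
                "host": req["host"],
                "bssids": bssids,
                "ssids": ssids,
                "own_ap": any(b in own for b in bssids),
            })
    return findings

# Constructed sample capture (not real traffic).
SAMPLE_REQUESTS = [
    {"host": "telemetry.example.com",
     "url": "https://telemetry.example.com/v1/event",
     "body": '{"net":{"ssid":"HomeNet-5G","bssid":"AA:BB:CC:DD:EE:01"},"ts":1}'},
    {"host": "ads.example.net",
     "url": "https://ads.example.net/p?ap=aa%3Abb%3Acc%3Add%3Aee%3A02&ap=11-22-33-44-55-66",
     "body": ""},
    {"host": "cdn.example.org",
     "url": "https://cdn.example.org/img/logo.png", "body": ""},
]

if __name__ == "__main__":
    for f in find_wifi_leaks(SAMPLE_REQUESTS, ["HomeNet-5G"], ["aa:bb:cc:dd:ee:01"]):
        print(f)
```

This only inspects plaintext the proxy can see; payloads that are compressed, encoded or pinned against interception need decoding or are out of reach of this check.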
Good point, thanks! We didn't watch the traffic of these apps yet, we just point out that they have the ability to report it back, beyond the user's control.
I did however read through the privacy policies of the apps, and one of the top 20 with WiFi but not location permission mentioned collecting your location data.