Your smartphone battery may be spying and tracking your digital footprint across Internet
Technology is never short of surprises. Your online activity can now be tracked with your smartphone’s battery life. According to a paper by security researchers, phone batteries are transmitting information that could be used to find their owners and track them around the internet, in spite of taking proper privacy measures.
The security researchers have found out that a feature of the HTML5 specification tells websites how much battery is left in a users’ phone and and is intended to allow websites to help preserve battery if phones are running low. At the same time, the information could then be used to spy on their online activity, allowing people to be tracked.
You hit the power saver mode whenever your smartphone or your laptop goes low on battery. All the features or apps that take up extra battery get disabled.
The phones responds to the requests of the websites and scripts that run on HTML5 by saying how much charge they have and how much time would it take for them to power back up. The. phone responds to the requests, as they do not need to seek users’ permission to see how much charge is left. Hence, without the knowledge of the users, the information can then be used as a way of identifying the phones themselves.
Currently supported in Firefox, Opera, and Chrome browsers, the battery status API clearly frees sites from the obligation to request user permission to find out the remaining battery life.
According to the researchers (PDF), the website receives accurate information including the estimated time for the battery to fully discharge along with precise battery percentage left in the phone.
The Guardian reports suggest that the two numbers operate as a potential ID number, which means that they could be any one of the 14 million combinations. The battery status API could be used to recognize users across websites, given that the values update every 30 seconds.
Technology like VPNs are basically more than enough to stop people from following a user around the internet. However, those measures could be played around due the security problems in the battery software.
The argument made by World Wide Web Consortium, W3C, the organization that introduced the API states that “the information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants.”
However, researchers provides cautionary advice that “Users who try to revisit a website with a new identity may use browsers’ private mode or clear cookies and other client side identifiers. When consecutive visits are made within a short interval, the website can link users’ new and old identities by exploiting battery level and charge/discharge times. The website can then re-instantiate users’ cookies and other client side identifiers, a method known as respawning.”