Authored by a Symantec employee

 

With this little-known exploit, a mobile phone’s battery life can actually be used to track online behavior. Security researchers have found that the Battery Status API of mobile devices can be used to track people online. In some instances, this can be used to upsell services purchased through a mobile app, such as ride-sharing “surge pricing.” How else can this be used? Here’s what you need to know about the privacy and security issues raised.

What is the Battery Status API?

The Battery Status API was introduced in HTML5. It was intended to give site owners the information they need to serve a version of a website designed for users on low-power devices. This API “allows site owners to see the percentage of battery life left in a device, as well as the time it will take to discharge or the time it will take to charge, if connected to a power source,” according to a news report on the research.

This is all seemingly harmless information. But as the security researchers pointed out, the combination of battery life as a percentage and battery life in seconds creates a pseudo-identifier for each mobile device. That is, a device can be identified as one out of 14 million possible combinations.

An ad blocker or a VPN cannot prevent someone from taking advantage of the Battery Status API to identify you and track the sites you visit. However, there is some degree of safety in numbers: you’re one of 14 million possible computers.
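To make the pseudo-identifier concrete, the following added example (not code from the original article or from the researchers) groups constructed battery readings by the percentage-plus-seconds pair and counts how many devices share each value. The site names, device labels, readings and the `coarseKey` rounding are assumptions made for illustration.

```javascript
// Constructed readings, shaped like what navigator.getBattery() exposes to a
// page (level is 0..1, dischargingTime is in seconds). Not real measurements.
const readings = [
  { site: "news.example",  device: "A", level: 0.43, dischargingTime: 8940 },
  { site: "shop.example",  device: "A", level: 0.43, dischargingTime: 8940 },
  { site: "news.example",  device: "B", level: 0.47, dischargingTime: 10260 },
  { site: "shop.example",  device: "C", level: 0.41, dischargingTime: 7980 },
  { site: "video.example", device: "D", level: 0.88, dischargingTime: 21300 },
];

// The pseudo-identifier from the article: percentage plus seconds remaining.
function rawKey(r) {
  return `${Math.round(r.level * 100)}%|${r.dischargingTime}s`;
}

// Hypothetical mitigation (an assumption, not from the article): report the
// level in 10% steps and the remaining time in whole hours.
function coarseKey(r) {
  const level = Math.floor(r.level * 10 + 1e-9) * 10;
  const hours = Math.floor(r.dischargingTime / 3600);
  return `${level}%|${hours}h`;
}

// Anonymity set per key: the distinct devices that produce the same value.
function anonymitySets(samples, keyFn) {
  const sets = new Map();
  for (const r of samples) {
    const key = keyFn(r);
    if (!sets.has(key)) sets.set(key, new Set());
    sets.get(key).add(r.device);
  }
  return sets;
}

// Keys that point at exactly one device: a sighting of such a key on any site
// can be attributed to that device, which is the privacy exposure.
function uniqueKeys(samples, keyFn) {
  return [...anonymitySets(samples, keyFn)]
    .filter(([, devices]) => devices.size === 1)
    .map(([key]) => key);
}

console.log("unique with raw values:   ", uniqueKeys(readings, rawKey));
console.log("unique with coarse values:", uniqueKeys(readings, coarseKey));
```

With raw values every device in the sample stands alone; with coarse values devices A, B and C share one value, while D remains unique because nothing else in this small sample is near it.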

It isn’t known precisely whether website owners, be they advertisers or other companies, are actively using or tracking information from the Battery Status API. As the story develops, the privacy or security implications may become better known. Want to learn more about protecting your mobile privacy and security? Read on for a few best practices.

Mobile Security Best Practices

  • Download apps from official app stores.
    Third-party app stores may not put apps through the same rigor as official app stores such as the Google Play Store or Apple’s App Store.
  • Avoid connecting to public Wi-Fi from your mobile.
    An unsecured Wi-Fi hotspot could put your mobile data at risk.
  • Check an application’s settings before you download.
    Beware of apps that ask you to disable settings, which can leave your device vulnerable, or that allow access to data in your phone’s memory in ways that can compromise your privacy.
  • Use a reputable mobile security app.
    Norton Mobile Security scans apps before you download them using App Advisor (powered by Norton Mobile Insight), which automatically lets you know about malware, privacy and other risks. This proactive protection also includes lost or stolen device recovery, which sets off an alarm to help you find the device fast or lets you see the location of your missing phone or tablet on a map.



© 2017 Symantec Corporation. All rights reserved.