Note to IT: Google really wants its privacy settings left alone

The biggest difference in business models between mobile giants Google and Apple is that Apple sells hardware and software whereas Google sells information. So when Apple makes a big play out of protecting privacy—such as pushing back against encryption backdoors and government subpoenas—it’s relatively easy for them. That’s not primarily how they make money.

Google, though, has a business model that truly hates privacy. To Google, enterprise data privacy, along with consumer data privacy, is just something that deprives them of raw material that they can sell. In short, Google has to publicly say that it protects its customers’ privacy while privately doing whatever it can to keep leveraging that data.

Therefore, it’s deeply unsurprising that newly-released information from the Attorney General’s office for Arizona—released now that a judge has agreed to unseal some of the data—shows Google trying to hide privacy settings and also tracking users after they chose to not be tracked.

“Users are more likely to disable their device’s location setting if they are readily offered such a setting. This was demonstrated by a substantial increase in devices with location turned off in versions of Android that included a location toggle in the device’s easily accessed Quick Settings pane,” the Arizona AG’s filing said. “Google viewed the large increase as a problem to be solved, so it removed this setting from the Quick Settings pane of devices it manufactured, and it sought—successfully—to convince other manufacturers using Android to do the same on the basis of false and misleading information.”

The filing added: “Google infers a user’s extremely sensitive home and work locations without consent. Not only does Google still infer these locations when a user turns off Location History, but it also does so when a user turns off all of a device’s location-related settings. Jack Menzel, Google’s former Vice President of Product for Maps and current Vice President of Product for Ads, testified that the only way for Google to not infer a user’s home and work is for that user to ‘set home and work to arbitrary locations.'”

Some of this trickery is buried in non-intuitive settings for Google. For example, Google tells users that “you can turn your Android device’s location on or off using the device’s settings app.” The AG filing said that Google’s vagueness is deliberate.

“A reasonable conclusion from this disclosure is that ‘off means off’—i.e., that Google simply will not collect and exploit user location information when a device’s location setting is turned off. But that is not true. Instead, Google operates on the principle that ‘off means coarse.’ Google reduces the precision with which it collects and uses a user’s information when a device’s location setting is off but does not stop the collection and exploitation of that information altogether.  Indeed, it is impossible for users of Google products and services to prevent Google from exploiting information about their location for financial gain.

Another tactic: Google’s two WiFi settings. “There are two relevant settings—WiFi scanning and WiFi connectivity. Only the WiFi scanning setting is presented within location settings, which would lead a reasonable user to believe that turning it off would result in Google no longer discerning a user’s location through WiFi scans. But that is not true—even with WiFi scanning off, Google may still obtain location information from WiFi scans if WiFi connectivity is on.”

Then—and this may be my favorite—Google allows users to erase their history, but users need to know where to do it to have any meaningful impact. “If you have Web and App Activity enabled and the location toggle enabled, then your search history entries contain your approximate location at the time you made a query. It’s also not possible to remove them by clearing your location history, which is counter-intuitive – you have to clear your search history instead.”

There are quite a few other instances and enterprise IT would do well to read the entire filing. The upshot, though, is that these are not the tactics used by a trustworthy business partner.

The only viable recourse is for IT to implement strict mobile information protocols. If employees are driving to a secret location for an official meeting (perhaps preliminary negotiations about purchasing a publicly-held company), maybe it’s wise to leave their phones at home or at the office and drive to that meeting with a burner phone.

Let’s remember that there are two distinct issues about corporate data privacy: One, your enterprise data being retained somewhere (as in Google’s servers) and distributed somewhere else; and Two, your enterprise data being retained on your mobile device.

The differences between the two depends on what you are trying to protect and why. With One, the immediate risk would be compliance issues about what data can be retained at all and the geographies where it can be stored. If your concern is a corporate spy targeting your systems, then Two is probably the worse nightmare. Google’s servers are very well protected (compared with an Android device) and they store data from a massive number of companies and consumers.

If an identity thief, cyber thief, ransomware extortionist or corporate espionage agent is specifically targeting your operations, they are much more likely going to try and steal the phone of a targeted executive than try and break into Google and somehow find your data there.

That means deleting emails, memos and other documents routinely and wiping the entire phone. It’s extreme, but setting back phones of a key personnel to factory settings once a month is one way to limit the exposure from a stolen phone. Yes, remote wipe will work, but most IT people (and certainly the phone’s user) tend to hold off a remote wipe for far too long, as they desperately search for the phone. Thieves know to access the phone immediately and then keep it in airplane mode for as long as possible to hold off a remote wipe until they can get access what they need.

By the way, mobile data retention is everywhere. Did a piece about the data being stored by a regular car and the list is frighteningly long. Who thinks about resetting the data on your car? You should.

Privacy is important. Be very careful with Google resources and especially mobile devices.