Jeremy Gillula

[Commentary] AT&T has decided it’s good business to advocate for an “Internet Bill of Rights.” Of course, that catchy name doesn’t in any way mean that what AT&T wants is a codified list of rights for Internet users. No, what AT&T wants is to keep a firm hold on the gains it has made in the last year at the expense of its customers’ rights. There is nothing in the history—the very recent history—of AT&T to make anyone believe that it has anyone’s actual best interests at heart.

Do you own an Android device? Is it less than three years old? If so, then when your phone’s screen is off and it’s not connected to a Wi-Fi network, there's a high risk that it is broadcasting your location history to anyone within Wi-Fi range that wants to listen.

This location history comes in the form of the names of wireless networks your phone has previously connected to. This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi.

In Android we traced this behavior to a feature introduced in Honeycomb (Android 3.1) called Preferred Network Offload (PNO). PNO is supposed to allow phones and tablets to establish and maintain Wi-Fi connections even when they’re in low-power mode (i.e. when the screen is turned off).

The goal is to extend battery life and reduce mobile data usage, since Wi-Fi uses less power than cellular data. But for some reason, even though none of the Android phones we tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about when their screens were turned off.