‘No tech company is immune from pressures coming from rising interest rates, slowing economic growth and soaring inflation,’ one analysts said. Tech company earnings reports expected to bring a flush of bad news. The supreme court’s decision to overturn Roe v Wade, the landmark ruling that ensured women had a federally protected right to get an abortion, has prompted concerns among privacy advocates about data collection policies that could be used to track women by their intimate partners or by law enforcement agencies in the event she was seeking access to an abortion.
Researchers discovered that a person who had brief access to another user’s Android phone – such as a lover entering into his girlfriend’s phone – could fairly simply follow the user’s activities, casting doubt on Google’s commitment to secure the location data of users who visit abortion clinics. The discovery was made by the non-profit Campaign for Accountability’s Tech Transparency Project just weeks after Google said in a blog post that it would remove references to sensitive locations, like domestic violence shelters or abortion clinics, if its systems determined that a visitor had been to one of those locations. The adjustment would go into effect “in the next weeks,” according to the blog post from July 1.
In a report published on Thursday, TTP researchers made two findings after an experiment using two new Android phones. First, if an Android user (described as a “perpetrator”) could get access to another user’s phone (described as a “victim”) and log into their own account using a Google app on the victim’s device, such as Google Play, the location history of the victim would then be visible to the perpetrator, without the victim being given any clear warning that they could be tracked.
TTP said: “It is unclear how Google plans to implement these [abortion-related] policies, and how long sensitive locations will remain on users’ location timelines before the tech giant deletes them. “When TTP took a phone to an abortion clinic, the clinic’s exact location remained in Google’s location history for more than a week, suggesting that either Google has not yet implemented these changes or the company’s system for detecting and removing sensitive locations is faulty.” TTP’s experiment replicated a similar finding that was published by a respected malware intelligence researcher, Pieter Arntz, on his blog in 2021. In that case, Arntz reported that he had inadvertently been able to “spy” on his wife’s whereabouts after he installed an app on his wife’s Android phone, which ultimately led him to receive updates on her location on his own phone.
Second, the same experiment showed that the victim’s visit to an abortion clinic, a Washington-based Planned Parenthood, was visible to the perpetrator and was not automatically deleted. In this case, the victim’s location history was turned off, but the perpetrator’s was enabled. The route and time spent in the Planned Parenthood clinic was also viewable to the perpetrator via the Google Maps app on the perpetrator’s phone. A full week later, the clinic location remained in Google’s location history when viewed on the perpetrator’s phone and in a desktop browser.
Arntz said he submitted an issue report to Google with specific information about how he had obtained the location information, and made suggestions about how the company could take steps to protect users’ location data from inadvertently being shared. In his case, as in TTP’s experiment, the Google timeline was enabled on his phone but not on his wife’s, so he noted that he should not have been able to receive the locations visited by her phone.