On smartphones, apps that are installed can ask for permission to gain access to certain things.
Most of the time permissions, are asked so apps can work as intended. But sometimes, apps can ask more permissions than they really need, and this can pose serious security and privacy concerns, as one research has found.
A cybersecurity expert who first reported this issue, claiming that Meta, the rebranded Facebook, is spying on people through their devices' motion sensor in order to monitor their activities.
According to an Android's developer guide, motion sensor is a tool that measures gravity, linear acceleration, rotation vector, significant motion, step counter, and step detector sensors, it is also an tool to track the accelerometer and gyroscope sensors.
The thing is, Facebook does this not through its apps, and rather by using Google Chrome.
The researcher said that Google Chrome does this, by asking for motion sensor access in one of its settings.
Through the permission, Chrome can gather sensitive user data, and share them with websites users visit.
"While Facebook was collecting this information for itself, Chrome is happy to collect it for others — essentially enabling a free-for-all when it comes to hugely sensitive information about your every activity, your every behaviour," said Mysk, the duo of app developers and security researchers.
And making it more concerning, Chrome shares users' motion data by default.
Users on Android have long been exposed, and this is a serious privacy issue.
To know the extent of the issue, data collected from motion sensors can say many things about devices' orientation and position, allowing websites to track devices' motion, movement types (walking or driving), how long the phone is active, and even having the ability to predict what apps that are likely being used.
The researcher however, doesn't outright suggest Chrome users on Android to remove the browser from their phones.
Instead, he said that users can just disable the default accelerometer data sharing option.
To do this, users can go to Chrome's settings on their mobile phones, and access 'Site settings' and select 'Motion sensors'.
There, they can turn off the default motion data sharing, if they are worried that Facebook or bad actors are misusing the option.
Dear #Android users,
Chrome shares your motion sensor with all the websites you visit by default.
This video shows how you can disable it. Please do it now.
You can learn more about this here:https://t.co/zMbPpuX3VH#CyberSecurity #Privacy pic.twitter.com/riWNQUfxKB— Mysk (@mysk_co) October 29, 2021
Google can be creepy, and it has no choice but to sneakily track users, whenever it has the chance.
It has been for a long time that Google, as well as other companies that track users, to compromise people's privacy and security in the name of business and profit, but disguising such attempt by telling all it does is making its services useful.
In this particular case, Chrome is the most downloaded web browser on mobile, as it also comes default on Android.
Since most people keep their phones close to them wherever they go, there is a lot of motion data generated throughout the day.
To privacy-concerned individual, this should be extremely worrying if not concerning.
The researcher added that this is not the only security issue that Chrome is having.
Previously, Chrome users were also warned about some high-level security threats.