In August, documents from the Google vs Arizona case were published. Many sections of these documents have been redacted, but some interesting emails went through. In one of these emails, a Google Software Engineer is puzzled by the way Android keeps prompting users to enable Google Location Services (a.k.a. Google Location Accuracy). In this post, I detail how Google nudges Android users toward its own location service in order to collect their location data. Beyond the question of using nudges to collect more data, I discuss the compliance of these nudges with EU regulation. Finally, by self-preferencing the services through which it collects location data, Google gets an edge over competing Android location-based services.
GPS or GLS
Android phones have more than one location setting. One of them is the main switch that controls whether the phone can estimate its location, and there are 5 other settings that control more specific options which most users don’t care about. One of these neglected settings controls the “source” used to estimate the device location:
- GPS works great outdoors, but not so well indoors.
- Google Location Services (GLS) are more sophisticated: they combine GPS with information from mobile networks and the device sensors. GLS are part of the Google Play Services, a set of services and APIs that are installed on most Android smartphones, and on those smartphones GLS are enabled by default.
To sum up: the Android Location setting controls whether your phone can estimate its location, and the Google Location Services setting controls how your phone determines its location: GPS or GLS.
The GLS provides a faster and more accurate device location (at least according to Google), but there is a price to pay for that and, not surprisingly, this price is paid with data: through the Google Location Services, Google collects location data that are used to improve its location-based services. Also not so surprisingly, users are nudged towards the Google Location Services instead of GPS. Enabling GLS by default is one of these nudges, but it’s not the only one.
Easily opting in, not so easily opting out
The Google Location Services are enabled by default on most Android phones and it is quite hard to disable them. The fastest way is to turn off the Android Location setting, but that means losing the benefit of all location-based services and apps. The other solution is to switch from GLS to GPS, but it’s more complicated and, to some extent, it feels like it has become harder with every new Android version.
On Android 10, from your home screen, it takes at least 5 clicks to opt out of Google Location Services.
Here is the Android 10 walk-through to switch from GLS to GPS: open the Android Settings, then the Location Settings, then the Advanced Settings, then click on “Google Location Accuracy” and finally disable the Google Location Services.
That’s at least five “clicks”, one of which could clearly have been avoided: the settings hidden under the “Advanced Settings” section are no more advanced than the “Wifi and Bluetooth scanning” option that is directly visible in the location section. It is not clear to me why those settings are not directly visible in the location settings.
As a matter of fact, some device manufacturers have modified the location menu to show all the settings directly, thus saving you one click. I tested devices of a few brands in a retail store: devices from Oppo, Xiaomi and Samsung directly show all the settings in the location menu. Devices from Sony, OnePlus and Nokia kept the original organization of the location settings, thus requiring 5 clicks to opt out.
Much simpler to opt back in: just clicking OK on a popup that appears in the middle of an app re-enables GLS almost permanently.
As noted by a Google engineer, it is too easy to enable Google Location Services, even when you don’t want to. Even users who’ve managed to opt out of Google Location Services are likely to opt back in when they use apps that need access to the location. When the Android Location setting is off, enabling location within an app such as Google Maps, Waze or even Citymapper will make a small popup appear asking you to confirm that you want to “turn on device location which uses Google Location Services”. Sometimes, this popup will appear if you just visit Google Search.
If you click “OK”, the Android Location setting AND the Google Location Services will be enabled permanently (i.e. not limited to the time you use the app). Even after you disable the Android location setting, GLS will remain the selected source to determine the device location. The first time you click OK, you may see an additional popup, explaining that Google may collect anonymous data and asking you to confirm, but this popup may appear only once on a given device.
The first time a user re-enables the GLS, a popup may appear with more details about the fact that enabling GLS implies that Google may collect data and use them in an anonymous way. It seems that this popup appears only once on a given device; in my experience the popup never re-appeared.
Once you’ve clicked “OK”, the location will be enabled and the GLS as well. To switch back from GLS to GPS you’ll have to go through the 5 clicks again.
Not only is it much simpler to enable GLS than to disable them, but the information users get before re-enabling GLS is amazingly poor. Yet this consent box triggers the collection of users’ location data by Google. It is worth analyzing the two layers of information provided by Google.
When the pop-up is displayed, the text only says “To continue turn on device location, which uses Google location services”. This text appears even when the device is configured to use GPS instead of the Google Location Services, so the text should be “Continuing will turn on device location and use Google’s Location Service instead of GPS”. That small imprecision is just a detail though.
Users have to click on the small “arrows” at the end of the sentence to learn that, if they click on OK, “Google may collect location data periodically and use this data in an anonymous way to improve location accuracy and location-based services [emphasis mine]”. Two details are worth discussing in this sentence:
- The data are collected and processed for two different purposes: first, they are used to improve the location accuracy (i.e. the service requested by the user). Second, Google uses them to improve its location-based services. These purposes are bundled; it’s not possible to have one without the other.
- The location data collected by Google are not anonymous, they are used in an anonymous way.
Google should obtain a valid consent
While GDPR does not require all processing to be based on consent, in the case of location data the ePrivacy directive applies, in particular Article 9.1:
“Where location data other than traffic data, relating to users or subscribers of public communications networks or publicly available electronic communications services, can be processed, such data may only be processed when they are made anonymous, or with the consent of the users or subscribers to the extent and for the duration necessary for the provision of a value added service [emphasis mine].”
Unless they are anonymizing the data (they probably don’t, see the Privacy Nerd section below), Google has to obtain a valid consent from users for the processing of their location data. It’s not clear to me that the popup displayed within apps is enough to obtain an informed consent.
“Scale helps make [Google] product better”
With GLS, Google certainly collects more data than any other Android location service and uses them to improve location-based services. Some of these services are good for everyone, like the earthquake detection system released in 2020. But Google most certainly also uses these data to improve drive-to-store accuracy (although drive to store is only reported for users who enabled location history), to predict traffic and to suggest itineraries.
“Ever since GPS location started coming to mainstream devices, people have been thinking of ways to use it to figure out how fast the traffic is moving. But for us to really make it work, we had to solve problems of scale (because you can’t get useful traffic results until you have a LOT of devices reporting their speeds) [emphasis mine]”
A competing location-based service running on Android is very unlikely to get access to more location data than Google. Indeed, it is very complicated for a competitor to obtain Android location data without Google being in the loop. Clearly, Google is leveraging its control over Android to collect location data in order to improve its services. The prevalence of the Google Location Services gives Google an edge over all other location-based services, ranging from traffic prediction to location-based advertising.
As conceded by Google in the 2009 blogpost:
“Google is fortunate to have a lot of people using our products, and that scale helps make our products better.”
Fortune favors the brave. Back in 2009, Google may have been fortunate, but now it seems Google products are favored by the operating system.
Thanks to Franck Baudot for reviewing a draft.
For privacy nerds: hints that these data are not anonymized
Google could delete the data right after they estimated the device location, but to “improve location based services” they need to keep these data for a while. So if they want to keep them without consent, they have to anonymize them.
Very little documentation explains what data is processed by GLS. In a response to an enquiry from Senators Richard Blumenthal and Edward J. Markey, Google explained in 2018 that “GLS is linked to a temporary and rotating device identifier that is not used by or shared with other services”.
Let’s pause on this for a moment. When you use Google Location Services you send your accurate location to Google, but it won’t be attached to your ID; it’s linked to “a temporary device ID”. How temporary this device ID is matters a lot: if this ID remains the same for a few hours, it’s clear that it can be linked back to your identity, especially by Google, who already collects a lot of data.
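Whether a rotating ID protects anyone can be measured on the data itself. The following Python sketch is an added example, not part of the original post and not Google's code: it counts, over constructed records, how many rotating IDs share a night-time location cell. The daily rotation, the 0.001-degree grid and the 00:00 to 05:59 window are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (rotating_id, timestamp, lat, lon). Not real data.
# Assumption: the identifier rotates once a day; the page gives no real period.
RECORDS = [
    ("id-a1", "2020-09-01T02:00", 48.85661, 2.35222),  # device A, night 1
    ("id-a1", "2020-09-01T14:00", 48.89000, 2.24000),  # device A, daytime
    ("id-a2", "2020-09-02T03:00", 48.85663, 2.35220),  # device A after rotation
    ("id-b1", "2020-09-01T01:30", 48.87010, 2.30010),  # device B, night 1
    ("id-c1", "2020-09-01T04:00", 48.87012, 2.30008),  # device C, same building
    ("id-b2", "2020-09-02T02:30", 48.87011, 2.30012),  # device B after rotation
]

def cell(lat, lon):
    """Snap a position to a grid of 0.001 degree (roughly 100 m)."""
    return (round(lat * 1000), round(lon * 1000))

def night_cells(records):
    """Map each cell to {date: IDs seen there between 00:00 and 05:59}."""
    cells = defaultdict(lambda: defaultdict(set))
    for rid, ts, lat, lon in records:
        t = datetime.fromisoformat(ts)
        if t.hour < 6:
            cells[cell(lat, lon)][t.date().isoformat()].add(rid)
    return cells

def audit(records):
    """For each night-time cell return (k, chained_ids).

    k is the largest number of distinct IDs seen in the cell in one night,
    i.e. the size of the crowd an ID can hide in. When k == 1, the IDs seen
    there on different nights most likely belong to one device, so the
    rotation did not unlink them.
    """
    report = {}
    for c, per_day in night_cells(records).items():
        k = max(len(ids) for ids in per_day.values())
        chained = sorted(set().union(*per_day.values())) if k == 1 else []
        report[c] = (k, chained)
    return report

if __name__ == "__main__":
    for c, (k, chained) in audit(RECORDS).items():
        print(c, "k =", k, "chained IDs:", chained)
```

A cell with k = 1 is the case described above: the identifier changes, but the place where the device spends its nights ties the successive IDs together.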
The second hint that GLS data are not anonymized is a subtle change in the language used to describe the GLS. Between 2017 and 2018 Google rephrased the description of the data collected by GLS and replaced the phrase “anonymous location data” with “data used in an anonymous way”. While subtle, this change tends to confirm that Google no longer considers that data processed in the context of the Google Location Services are anonymous.
We can observe this change by comparing the “location popup” appearing on older versions of Android (on the left) with the details that appear in current versions (on the right).
This change may have been caused by the entry into application of GDPR, whose definition of “personal data” is more extensive than the one used so far in some EU countries and includes location data. Considering the GDPR definition of “personal data”, Google may have realized that they were not processing anonymized location data.