Could Your Phone’s Battery Be Spying On You?

A new report has claimed that smartphone batteries are broadcasting information that could be used to identify and track their user online – even if they follow strict security procedures – when using browsers including Firefox, Chrome and Opera.

This is due to a flaw in HTML5, the programming language used to create many of the most popular mobile apps around today and in particular the API used to display a battery’s status.

Being watched?

The report, entitled, “The leaking battery A privacy analysis of the HTML5 Battery Status API”, and authored by four French and Belgian researchers, claims that this API in HTML5, particularly when using Firefox, lets websites know how much battery is left in a users’ phone. Primarily used as part of a way for them to help preserve battery life that is running low on the device, but this information can be used to identify phones as they move around the internet, allowing people to be tracked.

The websites are sent both the estimated time in seconds that the battery will take to fully discharge, as well the remaining battery capacity expressed as a percentage, which could be combined into any one of around 14 million combinations, meaning that they operate as a potential ID number.

The report warns that anyone wanting to track a certain device would simply have to set up a monitoring station to wait for these numbers to appear on a website. Their viewing history could then be tracked as the move around websites.

The authors of the report, Lukasz Olejnik, Gunes Acar, Claude Castelluccia and Claudia Diaz, have called for new regulations that would allow users to make sites ask permission before they see the battery information, as well as suggesting that more information should be given to users about how the battery status software is used.

“The analysis of Web standards, APIs and their implementations can reveal unexpected Web privacy problems by studying the information exposed to Web pages,” the authors concluded.

“The complex and sizable nature of the new Web APIs and their deeper integration with devices make it hard to defend against such threats. Privacy researchers and engineers can help addressing the risks imposed by these APIs by analysing the standards and their implementations for their effect on Web privacy and tracking. This may not only provide an actionable feedback to API designers and browser manufacturers, but can also improve the transparency around these new technologies.”

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

BT Identifies 2,000 Potential Cyberattacks Signals Every Second

Level of cyberthreats revealed, after BT says it spots 2,000 signals of potential cyberattacks every…

1 day ago

CMA Cites Higher Prices Post Vodafone, Three Merger, Demands Changes

The British competition regulator has provisionally found competition concerns over Vodafone’s planned merger with Three…

1 day ago

Microsoft Cuts Hundreds Of Gaming Staff

Post Activision - Microsoft Gaming confirms it will axe 650 employees, after thousands of job…

2 days ago

SpaceX Polaris Dawn Crew Carry Out First Commercial Spacewalk

Billionaire Jared Isaacman and SpaceX’s Sarah Gillis become first non-professional astronauts to carry out risky…

2 days ago

Government To Classify UK Data Centres As Critical Infrastructure

Data centres in the UK are to designated as Critical National Infrastructure (CNI), alongside energy…

2 days ago

Irish Watchdog Launches Inquiry Into Google AI Model

Google's protection of EU users' personal data when training its AI model, is under investigation…

2 days ago