In early November 2021, readers inquired about a rumor that suggested to “delete Google Chrome” from Android phones over “security issues,” privacy concerns, and accelerometer data, which referred to the device’s motion sensors.
But unless an Android phone has been “rooted” by an advanced user, the Chrome app cannot be deleted. It can only be disabled.
“Delete Google Chrome” has trended in the past because of other purported issues, but in this specific case, we tracked the rumor to a Nov. 6 story from The Sun. This led us to another article from the same day from Forbes. The Forbes story advised readers with the headline, “Why You Should Delete Google Chrome On Your Phone.”
Within the article, Forbes contributor Zak Doffman linked to an Oct. 29 tweet from a researcher named Tommy Mysk. So essentially, reader emails asking if they should “delete Google Chrome” led us to a piece from The Sun, then a story from Forbes, and finally the origins of the claim: a tweet.
In a video that was posted with the tweet, Mysk showed how to disable and block websites from accessing the motion sensors on Android phones:
Dear #Android users,
Chrome shares your motion sensor with all the websites you visit by default.
This video shows how you can disable it. Please do it now.
You can learn more about this here:https://t.co/zMbPpuX3VH#CyberSecurity #Privacy pic.twitter.com/riWNQUfxKB— Mysk
(@mysk_co) October 29, 2021
According to a researcher’s Twitter thread that was linked by Fast Company, the motion sensors on smartphones can be used by apps or websites to “gather information about your emotional state, heart rate, sleeping habits, and more.”
No such toggle setting appeared to exist in Google Chrome on Apple’s iPhone devices. However, Mysk previously published a story about motion sensor concerns for iOS, Apple’s mobile operating system.
Mysk also noted that iPhone devices don’t allow web browsers to use motion sensors without specified permission, which is asked in a prompt:
iOS doesn’t let browsers access the motion sensors without a permission. If a website tries to read the motion sensors, you get this alert: pic.twitter.com/1xweWO751V
— Mysk
A Twitter user replied to Mysk, claiming that the issue was being blown out of proportion:
You’re making this out to be ultra sinister but the reality is they’re making this sensor available so we can enjoy funky new effects like augmented reality or 3d photos etc by making the accelerometer available. What is the privacy issue sharing that the phone has just rotated?
— Wayne Man (@a4refillpad) November 7, 2021
Mysk responded with more data:
You need to read the blog to explore what can be inferred from merely rotating and shaking the phone.
Also this study highlights what websites do with accelerometer data:https://t.co/DdsIeaMrYN— Mysk
In the tweet, Mysk linked to a 2018 story from Wired.com that described the potentially dangerous nature of the entire issue:
That unapproved access to motion, orientation, proximity, or light sensor data alone probably wouldn’t compromise a user’s identity or device. And a web page can only access sensors as long as a user is actively browsing the page, not in the background.
But the researchers note that on a malicious website, the information could fuel various types of attacks, like using ambient light data to make inferences about a user’s browsing, or using motion sensor data as a sort of keylogger to deduce things like PIN numbers.
Other users also chimed in to say it appeared to not be the critical issue it was made out to be, while others thanked Mysk for the information.
We reached out to Google with questions about the motion sensor concerns and the “delete Google Chrome” messages. In response, they shared a link to data about an API permission change in 2019 that allowed users to disable and block motion sensor usage by websites. They also sent this statement about that change:
We intentionally limit the resolution of motion sensors in Chrome, and since 2019 we’ve had controls that allow users to block websites from accessing a device’s motion sensors altogether.
We take user security and privacy seriously, and we’re always working on new ways to improve security and privacy in Chrome.
Readers with Android phones are free to disable and block motion sensors in the browser app using the steps shown in the video in this tweet.
At this time, it appears that there may be no urgent need for users to try to disable or completely remove Google Chrome from their phones, nor is there an imminent danger if motion sensors continue to be enabled in the app. However, we are reaching out to experts in the field for more guidance and will update this story should we receive responses.
Since we are still looking into the claim, we have rated it as “Research In Progress.”
Sources:
Broida, Rick. “How to Easily Root an Android Device.” CNET, https://ift.tt/ADVtH8b.
Doffman, Zak. “Why You Should Delete Google Chrome On Your Phone.” Forbes, https://ift.tt/qZYtuT3.
“IPhone Apps Can Tell Many Things About You Through the Accelerometer, Mysk.” Mysk, https://ift.tt/QVRWurC.
Newman, Lily Hay. “Mobile Websites Can Tap Into Your Phone’s Sensors Without Asking.” Wired. www.wired.com, https://ift.tt/2JkGxbK.
Sullivan, Mark. “Considering Deleting Chrome from Your Phone? Try This Tweak Instead.” Fast Company, 8 Nov. 2021, https://ift.tt/aP6mEA8.
“Urgent Warning to Change Google Chrome from Your Phone NOW.” The US Sun, 6 Nov. 2021, https://ift.tt/p3sfkrF.
‘Delete Google Chrome’ Trends Over Motion Sensor Scare
Source: Kapit Pinas
0 Comments