A new Android security breach in the software's Wi-Fi system leave users’ open for unauthorized tracking by malicious attacks, according to a report from Bleeping Computer.
Nightwatch Cybersecurity reported the bug to Google in March but the Mountain View company says it will only fix it in Android Pie and not in older versions of their operating system.
This is how it works: Android constantly broadcasts information about your Wi-Fi connection through an internal OS feature called intents. This feature allows the OS or any app to send information across the entire operating system, which any app can read.
In this case, the Wi-Fi intents are sending your Wi-Fi network name, the BSSID (the unique network identifier of the Wi-Fi router you are connected to), your local IP address, your DNS server information, and your MAC address (the unique network identifier for your Android device) to any app that is willing to listen without your permission.
Since the MAC address identifies your device in a unique way, malicious applications can actually track where you are. As you move through the world, your MAC address can be combined with the Wi-Fi network you are connecting to and its BSSID, using this information to locate you on a map and send that location to a malicious third party.
And you will never know about it.
Nightwatch claims that “all versions of Android running on all devices are believed to be affected including forks (such as Amazon’s FireOS for the Kindle).”
Google told Nightwatch that it will fix this problem in Android Pie but not older versions of the OS. Instead, you will need to upgrade to Pie. If your phone is not supported, bad luck. Well, this is one way to promote the Pixel 3.