Google Bypasses Privacy, Puts Users’ Data on the Map
Google’s handling of user data has long been a subject of concern for data privacy enthusiasts. While the tech giant has undergone a comparatively low number of data breaches in recent history, its hold over the Android platform allows them to harvest an unprecedented amount of data.
Now, Google is taking more steps to ensure the collection of user data across non-mobile devices as well. Recently Google has changed their domain structures to include all their services under one parent domain. This means that any permissions given by the user for one google service, such as Google Maps, extend to all Google services under the domain.
The discovery was made by an alert user when they noticed Google had switched from a subdomain to a subdirectory.
This means any pop-up that appears when the website tries to access a user’s camera, microphone or location only needs to be accepted once to be applied across the vast range of Google’s services.
Subdomains are considered children of the parent domain, existing outside the main domain within a disparate partition. Alternatively, subdirectories are treated as part of the main domain as they are nothing but a page under the domain.
Google had previously used a subdomain for Google Maps, with URL ‘maps.google.com’ but now has now changed to a subdirectory with the URL ‘google.com/maps’.
For example, the user’s mic can be accessed from the Google search page, with camera permissions being granted from Google Meet. Location access allowed through Google Maps may likely be used to track users’ location in search engine without granting specific permissions.
Users wanting to use Google Maps for a short period of time will be asked to give permission to access their location. Under the new domain structure, Google can now access this data any time allowing them to geo-track the user when they have a Google Website open.
Do you know what apps are tracking your location? Do you know the security score of apps you are using? Are you aware of the permissions you have granted?
Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards.
Contact us below to speak with our cyber security experts and start the journey to protect your company today.