Your mobile device's battery life could compromise online privacy

Shawn Knight


It’s naive to believe you can remain anonymous while surfing the web without going out of your way to do so. There’s no shortage of sneaky tricks that can be used to track a target’s online activity, but it’s a new technique recently disclosed by a team of Belgian and French security researchers that may trump them all.

In a newly published paper, the team points to the little-known HTML5 Battery Status API as suspect. The API, used in Chrome, Firefox and Opera, allows websites to ping a notebook or mobile device to determine how much battery life it has left. The idea is that when a site notices a user’s battery is low, it can disable some features to help prolong the remaining juice.

The API doesn’t require any sort of permission from the user to ping battery life due to the fact that said information has “minimal impact on privacy or fingerprinting.” The researchers, however, aren’t convinced.

They found that websites receive quite a bit of detailed information about a mobile device via the API. As The Guardian notes, the data includes an estimate (in seconds) of how long it’ll take to discharge the battery as well as the remaining capacity as a percentage.

Those two figures can result in a combination of around 14 million possibilities which could be used as an ID number. Furthermore, the values only update every 30 seconds or so.

To help illustrate what’s possible, entertain the following scenario. If a user visits a website in private browsing mode across a VPN, then turns off private browsing mode and the VPN, the website shouldn’t be able to link the user to the earlier visit. If the two visits are made within half a minute of each other (before the battery status API updates), the site could potentially link the user using data from the API.

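The identifier effect described in the story above, and what coarsening the two values does to it, measured on a constructed device population. This is an added example, not code from the article or the researchers' paper: `level` and `dischargingTime` follow the Battery Status API's property names, while `makePopulation`, `coarsen`, `uniqueFraction`, the 40,000-second range and the bucket sizes are assumptions for illustration.

```javascript
// Added example: how identifying is a battery readout, and how much does
// coarsening it help? All sample devices below are constructed.

// Deterministic pseudo-random population so results are reproducible.
function makePopulation(n, seed = 1) {
  let s = seed >>> 0;
  const rand = () => {
    s = (Math.imul(s, 1664525) + 1013904223) >>> 0; // 32-bit LCG step
    return s / 2 ** 32;
  };
  const devices = [];
  for (let i = 0; i < n; i++) {
    devices.push({
      level: Math.round(rand() * 100) / 100,       // 0.00 .. 1.00
      dischargingTime: Math.floor(rand() * 40000), // seconds remaining (assumed range)
    });
  }
  return devices;
}

// Mitigation: report the level in coarse percent steps and the discharge
// estimate in coarse time buckets. Infinity (charging or unknown) is kept.
function coarsen(r, stepPct = 10, stepSec = 3600) {
  const t = r.dischargingTime;
  return {
    level: (Math.round((r.level * 100) / stepPct) * stepPct) / 100,
    dischargingTime: Number.isFinite(t) ? Math.floor(t / stepSec) * stepSec : t,
  };
}

// Fraction of devices whose readout is shared with no other device,
// i.e. devices that the readout alone would single out.
function uniqueFraction(devices, view = (r) => r) {
  const counts = new Map();
  const keys = devices.map((d) => {
    const v = view(d);
    return `${v.level}|${v.dischargingTime}`;
  });
  for (const k of keys) counts.set(k, (counts.get(k) || 0) + 1);
  return keys.filter((k) => counts.get(k) === 1).length / devices.length;
}

const pop = makePopulation(10000);
console.log("unique, raw readout:      ", uniqueFraction(pop));
console.log("unique, coarsened readout:", uniqueFraction(pop, coarsen));
```

The raw pair singles out nearly every device in the sample, while the coarsened pair leaves almost none unique, which is why reducing the precision of both values is an effective mitigation.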

 
Wow, I've heard of some long shots but this is a reach! Of all the gazillions of phones out there I bet at any moment there are 10 of them with the exact same battery percentage etc.

Lastly, who actually expects any privacy on a mobile phone? Leave the private issues for a desktop or laptop maybe.
 