A web standard that lets site owners know your device's battery percentage can apparently be used to track your mobile phone anywhere you go online. Not only that, but privacy researchers had previously warned that this could happen.
The API, introduced in HTML5, is used in a majority of web browsers including Firefox, Opera, and Chrome. The API allows site owners to see the percentage of life left in a device, as well as the time it will take to discharge or the time it will take to charge if connected to a power source.
The API was intended to allow site owners to deliver low-power versions of sites and web apps to users with little battery capacity left. Soon after it was introduced, however, privacy researchers pointed out that it could also be used to spy on users. The combination of battery life as a percentage and battery life in seconds offers “14m combinations”, providing a pseudo-unique identifier for each device.
Two security researchers from Princeton University have shown that the Battery Status API is actually being used to track users, as opposed to its advertised purpose. By using a specially modified browser, Steve Englehardt and Arvind Narayanan found two tracking scripts that used the API to identify a specific device. This, in turn, allowed them to continuously identify it across multiple websites on multiple browsers.
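The two ideas above can be sketched from the defender's side: log every script that reads the battery API, and round the values so they no longer form a near-unique pair. This is an added example, not code from the article or the researchers; the `fakeNavigator` object, its readings and the bucket sizes (10% steps, 15-minute steps) are assumptions chosen for illustration.

```javascript
// Constructed stand-in for a browser's navigator object, so this runs offline in Node.
const fakeNavigator = {
  getBattery: async () => ({
    charging: false, level: 0.4371, chargingTime: Infinity, dischargingTime: 8940,
  }),
};

// Round a time in seconds to 15-minute buckets (assumed bucket size).
function coarsenSeconds(s) {
  return Number.isFinite(s) ? Math.round(s / 900) * 900 : s;
}

// Reduce the precision of a battery reading so the level/time pair
// distinguishes far fewer devices than the raw values would.
function coarsenReading(b) {
  return Object.freeze({
    charging: b.charging,
    level: Math.round(b.level * 10) / 10, // 10% steps (assumed)
    chargingTime: coarsenSeconds(b.chargingTime),
    dischargingTime: coarsenSeconds(b.dischargingTime),
  });
}

// Replace getBattery with a wrapper that records who called it and
// hands back only the coarsened reading.
function instrumentBattery(nav, auditLog) {
  const original = nav.getBattery.bind(nav);
  nav.getBattery = async function () {
    // Stack line 2 is the caller of this wrapper (script URL and line in a browser).
    const caller = (new Error().stack.split("\n")[2] || "").trim();
    auditLog.push({ api: "navigator.getBattery", caller, time: Date.now() });
    return coarsenReading(await original());
  };
  return nav;
}

// Demo on the constructed object: one call, one audit entry, rounded values.
const demoLog = [];
instrumentBattery(fakeNavigator, demoLog)
  .getBattery()
  .then((b) => console.log(b, demoLog.map((e) => e.caller)));
```
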
Lukasz Olejnik, the person who first highlighted the research, said that, “Some companies may be analysing the possibility of monetising the access to battery levels. When battery is running low, people might be prone to some – otherwise different – decisions. In such circumstances, users will agree to pay more for a service.”
This just further goes to show that you can never be truly safe online. While this API hasn’t yet been used to its full capabilities, there is nothing keeping it from getting into the wrong hands.