Home > Mobile > Your smartphone or laptop battery could be used to…

Your smartphone or laptop battery could be used to track you, researchers say

battery status api tracks phone laptop samsung from galaxy note
Digital Trends / Robert Nazarian

European researchers published a paper revealing that your privacy could be compromised from the battery in your smartphone or laptop. Most people are probably unaware of something called the battery status API. The World Wide Web Consortium (W3C) introduced it in 2012, and the Firefox, Opera, and Chrome browsers support it.

Battery status API explained

It is a HTML5 specification that’s supposed to help websites conserve energy for those users that have minimal battery life remaining. Basically, the website can read the battery state of any device, such as how much life remains in terms of both minutes and percentage. Based on these results, the website can automatically disable power hungry features on webpages to conserve energy.

Related: Citing safety and privacy concerns, Toyota refuses to offer CarPlay and Android Auto

How is your privacy compromised?

So far so good right? Unfortunately the main problem with the API is that websites can gather this information without permission from visitors. The researchers concluded that websites can piece together the information from multiple visits through a third-party script, thus creating a fingerprint for each user. This could theoretically happen across different sites and even affect users who constantly delete cookies or are behind a VPN or corporate firewall.

battery tech

The potential issue was raised back in 2012 and referred to in the W3C specification of the API. The “Security and privacy considerations” section has the following statement: “The information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants.”

Are you at risk?

The study seems to be stirring up some technopanic in the tech world, but the potential danger appears to be very limited. The study was only conducted with the Firefox browser in Linux using the UPower tool. The researchers concluded the information gathered from Firefox in Windows, Mac OS X, and Android was too significant to create a fingerprint.

Furthermore, the researchers filed a bug report for the exploit with Firefox in Linux, and it was fixed in June 2015. The study never demonstrates a similar exploit in either the Chrome or Opera browsers, or even a mobile device.

Related: European regulators block Facebook’s Moments app due to privacy concerns

The report demonstrates an issue that was already fixed, but its intent is to “draw attention to this privacy issue by demonstrating the ways to abuse the API for fingerprinting and tracking.” In other words … create buzz among tech sites, which leads to more technopanic.

No exploit should be taken lightly, but further evidence needs to be demonstrated before we start panicking on this one. And even if this evidence does surface, the API can be updated to include user permissions or whatever is necessary to thwart any potential privacy issues.