How Websites Are Tracking You Through Phone Battery Status

Nowadays, it’s fairly commonplace to be tracked when using the internet. Between location services, cookies, malware and more, users go about their business comfortably knowing that at least some portion of their online activity is being tracked. Another tracking method has been revealed by two researchers from Stanford University, and its not something that would immediately come to mind- battery status.

That’s right; your device’s battery status can be used to track your online activity. A web standard introduced back in 2015 included in the HTML5 protocol (aka the code used to lay out the majority of websites) that includes a specific API that reveals how much battery life a mobile device has left to site owners. This Battery Status API is designed to decide when a low-power version of a site or web app should be loaded, but it also lets site owners see the battery percentage left, discharge and charge times, and if the device is connected to a power source.

Although privacy researchers and advocates pointed this potential issue out back when HTML5 was freshly introduced, this weakness hasn’t been brought to light until recently. The information being captured about a device, while seemingly harmless, is enough to create a basic unique identifier for each and every device visiting a website. Security researchers have even found two tracking scripts that use this API to identify a device in multiple places via a “fingerprint” attached to the device.

It’s important to note that the Battery Life API only tracks a handful of pieces of information about your battery life. It doesn’t grant the site owner access to any information or data stored on your device such as text messages or app info. Still, it’s enough valuable information where companies are looking at the Battery Life API as a money making opportunity. For example, if we look at apps such as Uber or Lyft, users may be prone to accepting higher or surge prices if their battery life is running low to ensure that they get a ride.

For now, it’s unclear how many companies, individuals, and organizations utilize battery status tracking (for both beneficial and malicious purposes). Just remember, VPNs and AdBlockers won’t keep your battery information safe, so play it safe!

 

Share this post