Google said Tuesday that any location-based data it collects via its Android mobile operating system is anonymous in nature and the majority of that information is deleted after one week.
"The location information sent to Google servers when users opt in to location services on Android is anonymized and stored in the aggregate and is not tied or traceable to a specific user," Alan Davidson, director of public policy at Google, said in prepared remarks for the Senate Judiciary Committee. "The collected information is stored with a hashed version of an anonymous token, which is deleted after approximately one week."
Davidson said a "small amount" of data related to nearby Wi-Fi access points and cell phone towers is stored on Android devices "to help the user continue to enjoy the service when no server connection is available and to improve speed and battery life, [but] this information on the device is likewise not tied or traceable to a specific user," he said.
Davidson, as well as Apple's Guy Tribble, are scheduled to appear before the new Senate Judiciary Subcommittee on Privacy, Technology and the Law to discuss location-based data collected by smartphones. The subcommittee decided to address the issue after researchers said last month that Apple iOS 4 location information was stored in an insecure manner and accessible to anyone who stumbled upon your iPhone, iPad, or the computer with which you synced your iOS device. That prompted concerns that Apple, and anyone who looked at that data, could track your whereabouts.
Apple later said iOS 4 devices captured so much data due to a "bug." That bug was fixed last week via iOS 4.3.3, but members of Congress still have questions for Apple, and Google. As a result, both companies will face the Senate subcommittee today.
In its testimony, Google discussed its Google Location Server, an Internet database on Google servers with information from Wi-Fi access points and cell towers.
"Device manufacturers can install the Google Network Location Provider application for Android (pursuant to a license with Google) on their devices. This application can determine a user's estimated location using the Google Location Server, to make location information available to users whether they are indoors and outdoors, more quickly, and using less battery power than GPS services," Davidson said. "This Network Location Provider is turned off by default, and can be turned on by the user during the phone's initial setup or in the device settings."
Davidson acknowledged, however, that Google cannot always control the third-party apps that license this data.
"If the user chooses to trust an application with location information by proceeding with the installation after viewing the location-related permissions, then that application could potentially store this location information on the device or transmit the information off the device if the application also has the Internet access permission," he said.
Google also admitted to some of its privacy shortfalls in recent years, including its Google Buzz service and the inadvertent collection of data from unencrypted Wi-Fi networks. Since then, Google has implemented a number of privacy guidelines and entered into an agreement with the Federal Trade Commission for an independent review of its privacy procedures every two years.
Davidson and Tribble are scheduled to testify and answers questions from the panel later this morning, so stay tuned for more details.