Security Analyst Recommends Immediate Google Maps Privacy Settings Changes on New Devices
What Happened — A ZDNet article outlines ten Google Maps configuration tweaks that users should apply as soon as they install the app on a new phone, focusing on privacy hardening and feature activation.
Why It Matters for TPRM —
- Mobile navigation apps collect location, search, and habit data that can be leveraged in profiling attacks.
- Third‑party risk programs must assess the data‑handling practices of SaaS providers used by employees on corporate devices.
- Unadjusted defaults increase the attack surface for credential‑stuffing, phishing, and location‑based social engineering.
Who Is Affected — Enterprises with BYOD or corporate‑issued mobile fleets, especially those in technology, finance, and field‑service sectors that rely on Google Maps for logistics.
Recommended Actions —
- Instruct device‑provisioning scripts to open Google Maps settings and apply the recommended toggles.
- Update mobile device management (MDM) policies to enforce location‑history disabled and ad‑personalization off.
- Periodically audit employee devices for compliance with the privacy baseline.
Technical Notes — The guidance covers disabling location history, turning off personalized ads, limiting background activity, and enabling “incognito mode” for searches. No CVEs or exploits are involved; the risk is data‑exposure through default telemetry. Source: ZDNet article