Google Settles $135M Over Android Location‑Data Privacy Violations Impacting Millions of U.S. Users
What Happened – Google agreed to a $135 million settlement to resolve allegations that its Android operating system collected users’ precise location data via cellular‑network signals without proper consent. The settlement covers eligible U.S. users who operated Android devices with cellular data from November 2017 onward.
Why It Matters for TPRM –
- Un‑consented data collection can expose downstream vendors to regulatory scrutiny and class‑action liability.
- Third‑party apps and services that rely on Android APIs may inherit privacy‑risk exposure.
- Ongoing monitoring of Google’s compliance commitments is required to assess residual risk to your organization’s mobile‑device strategy.
Who Is Affected – Consumer‑technology firms, mobile‑app developers, enterprises that provide Android‑based devices or BYOD programs, and any MSP/MSSP that manages Android fleets.
Recommended Actions – Review contracts and data‑processing agreements with Google and any Android‑device vendors; verify that privacy‑by‑design controls are in place for location‑data handling; monitor settlement claim‑submission deadlines and update incident‑response playbooks for potential related complaints.
Technical Notes – The alleged practice involved Android’s “network‑based location” service, which leveraged cell‑tower triangulation to infer precise location even when GPS was disabled. No specific CVE was cited; the issue stems from a privacy‑policy violation rather than a software flaw. Source: TechRepublic Security