HomeIntelligenceBrief
BREACH BRIEF🟡 Medium Advisory

Google Settles $135M Over Android Location‑Data Privacy Violations Impacting Millions of U.S. Users

Google has agreed to a $135 million settlement to resolve claims that its Android OS harvested precise location data without user consent. The deal covers eligible U.S. users with cellular‑enabled Android devices since November 2017, raising significant third‑party risk considerations for organizations that rely on Android platforms.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 techrepublic.com
🟡
Severity
Medium
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
techrepublic.com

Google Settles $135M Over Android Location‑Data Privacy Violations Impacting Millions of U.S. Users

What Happened – Google agreed to a $135 million settlement to resolve allegations that its Android operating system collected users’ precise location data via cellular‑network signals without proper consent. The settlement covers eligible U.S. users who operated Android devices with cellular data from November 2017 onward.

Why It Matters for TPRM

  • Un‑consented data collection can expose downstream vendors to regulatory scrutiny and class‑action liability.
  • Third‑party apps and services that rely on Android APIs may inherit privacy‑risk exposure.
  • Ongoing monitoring of Google’s compliance commitments is required to assess residual risk to your organization’s mobile‑device strategy.

Who Is Affected – Consumer‑technology firms, mobile‑app developers, enterprises that provide Android‑based devices or BYOD programs, and any MSP/MSSP that manages Android fleets.

Recommended Actions – Review contracts and data‑processing agreements with Google and any Android‑device vendors; verify that privacy‑by‑design controls are in place for location‑data handling; monitor settlement claim‑submission deadlines and update incident‑response playbooks for potential related complaints.

Technical Notes – The alleged practice involved Android’s “network‑based location” service, which leveraged cell‑tower triangulation to infer precise location even when GPS was disabled. No specific CVE was cited; the issue stems from a privacy‑policy violation rather than a software flaw. Source: TechRepublic Security

📰 Original Source
https://www.techrepublic.com/article/news-google-android-privacy-settlement/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

A privacy incident is a question about your consent record.

CookiePLUS and Verisq AI Trust Operations keep consent, DSAR, and data-handling evidence continuously ready — so a data-exposure event finds you prepared, not scrambling.

See how Verisq AI Trust Operations handles privacy →