Researchers claim that phone batteries do help spy on you

By JC Torres/Aug. 7, 2015 3:30 am EST

There might be some credence to worries that your smartphone batteries can undermine your privacy after all. But not as ludicrous as the NFC antenna mistaken for a spying contraption. This new theory has the backing of French and Belgian researchers. But before you throw out that battery, be aware that it isn't the battery itself that is doing the potential spying. It is merely an unwilling accomplice for less than conscientious websites that might be trying to identify your device, whether you like it or not. And you probably don't.

At the very heart of this theory is HTML5, or to be specific, its battery status API. This particular feature, in theory, would allow websites to check the remaining amount of charge on a mobile device and, if its below a comfortable level, switch out to a less resource intensive version of the web page. Sounds innocent and useful enough, right?

The problem is that it might not be that innocent after all. Unlike mobile apps or even some websites, asking for battery information doesn't need user permission. It was set up that way because the World Wide Web Consortium (or W3C) that approved the HTML5 API presumed that such battery status doesn't include any identifiable information. According to these security researchers, however, they do somewhat.

The information that the API yields can be specific, down to the number of seconds before the battery fully discharges and the remaining battery capacity percentage. These two numbers taken together can form a sort of ID that is unique among possibly 14 million combinations. Website can then potentially associate this number with the visitor viewing the page.

Sure, your battery information isn't going to suddenly give out your name, address, or credit card number, but if web sites can make a connection between a battery and the visitor, they can potentially track you down in the future. Hiding behind a VPN won't solve the problem either, as the association can still be inferred based on time of visit and the battery information.

A solution partly requires web browser makers to make sure battery information isn't so easily harvested by web sites. The other part depends on changes to the HTML5 Battery API. Given how long HTML5 was finally approved, however, that could likely take a long, long time.

SOURCE: The Guardian