Is IT tracking your location via smartphone?

Let's say you scored a boondoggle to Los Angeles for a business conference, and instead sneaked off to nearby Disneyland with the family for a vacation on the corporate dime. Or maybe you simply told your boss you were meeting a client, but hit the golf links with your buddies.

If you carry a work-related iPhone, BlackBerry, Android or Windows Phone 7 smartphone, IT can track your movements. Never mind all the hand-wringing over the recent discussion that an iPhone secretly records its location in an obscure file stored locally and on the iTunes-synced PC - all unbeknownst to the user. Virtually every smartphone can deliver this information to IT, if IT is inclined to track it.

"If companies wanted to, they could do it," says Erik Woodland, technical support supervisor and network administrator at Fenner Drives, a manufacturer of power transmission and related products. "The technology has been around a long time."

Woodland is quick to point out that his BlackBerry-turned-iPhone company doesn't use the iPhone's now-infamous location file, nor does Fenner Drives track employee whereabouts.

Other companies have been doing this for years in certain industries, such as transportation, via tracking software, such as TeleNav Track.

Apple iPhone Not Only Device Involved

Privacy advocates slammed Apple last week after researchers found that some iPhones record location information. Like all phones, the iPhone needs to know its location in order to connect to the right cell tower. The iPhone logs this location information in an unencrypted file.

Can this file be used to keep tabs on employees and executives? "Absolutely," says Forrester analyst Chenxi Wang. "This location history file is perhaps another data source for [mobile device management] systems."

Yet location information obtained via a smartphone's GPS chip isn't anything new. A host of mobile apps ask the user to enable the smartphone's GPS feature for location tracking. Wireless carriers also log location information but usually won't release it without a court order.

While Wang doesn't think a location file like the one stored on the iPhone exists on an Android phone, Android itself transmits the phone location data back to a Google server periodically, according to a discovery made by the Wall Street Journal. Last year, Duke University researchers found that some of the most common Android apps transmit geo-location data to third-party ad or content servers, Wang says.

At the enterprise level, mobile management and security software vendor Zenprise gives companies the option to pull location information from BlackBerries, Androids and Windows Mobile phones and store it on the corporate server. The main reason companies activate this feature is to be able to find lost or stolen devices or to route field service technicians to nearby customers, says Ahmed Datoo, chief marketing officer at Zenprise.

Zenprise doesn't pull location data from the iPhone or access the iPhone's location file (even though it would be easy to do so) because Apple already provides a good service in MobileMe for tracking down lost or stolen iPhones, Datoo says.

Be Careful What Privacy You Sign Away

So is your employer tracking your movements through a smartphone? After all, IT has been known to monitor and log text messages, emails, even Web sites such as Facebook that you've visited on your PC or mobile device. Monitoring a mobile device's location and logging its history doesn't seem like much of a stretch.

If you think you're in the clear because you own the mobile device, think again. According to Zenprise, more than a few companies require employees who want to connect their personal smartphone or iPad to the corporate network to sign a legal document that entitles IT to access the device, manage apps, wipe data if necessary -- and, in some cases, track the device's location.

"For company-issued devices, the organization is much more likely to mandate that it can track the location," Datoo says.

Chances are, though, that a company isn't tracking location every minute of the day merely to monitor an employee's whereabouts. Pulling location information via the GPS chip drains the battery, says Datoo, so there needs to be a good reason to collect this information.

"I don't think any company today is using location data to keep tabs on how employees are spending their time -- it seems too far-fetched a thing to do," Forrester's Wang says. "But the ability to locate a phone is a real request that we hear from our customers all the time."

Of course, your experience will vary depending on vertical industry. For example, in the trucking industry, many organizations do regularly track their employees' whereabouts, since truckers need to be on time, drive only a certain number of hours per day and stay within speed limits. Software exists to monitor all of these things. Employees in these situations are routinely informed by employers that the tracking software exists.

Tom Kaneshige covers Apple and Networking for Follow Tom on Twitter @kaneshige. Follow everything from on Twitter @CIOonline and on Facebook. Email Tom at
