Researchers have found a bit of code inside HTML5 that could let your cellphone battery spy on you. This bit of code is designed to work on most websites across the Internet. What it does is report the battery status of users devices so that the site can help lessen the load on the battery preserving charge. But that same data the site is collecting on the battery can be used to track and locate a device as it moves around the Internet. Researchers say that even if you have privacy measures in place this will still affect you because websites do not have to ask permission for the battery data and data the script is calling for is not protected.
A website could put those two numbers together and watch for a phone with an identical or similar profile appearing on other pages, for instance. Malicious people could then put those two events together and work out that the same phone had accessed both websites, which can usually be hidden.
The idea behind sending battery stats to websites you visit to help you preserve battery on your mobile device is a great idea. According to the researchers not even using a VPN to anonymize your identity is a sure thing, security issues in the battery script could provide a way around that. It would be nice if somehow a website could warn you that the script is running and allow you to decline running the script.
Right now I wouldn’t freak out over the issue as the research is fresh and the researchers have likely contacted companies to inform them. We could be seeing either some recalled batteries and phones or updates to mobile software and Internet website scripts.
What do you think of this story? Let us know in the comments below or on Google+, Facebook and Twitter.