A private researcher warned last year that site owners could use a particular web standard to tell how much battery life a mobile device has. This feature is known as the Battery Status API. It was introduced in HTML5 and had shipped in Chrome, Firefox, and Opera by August 2015. It allows site owners to monitor the percentage of battery life left in a device, the time it will take to discharge, and the time it will take to charge when connected to a power source.
The Battery Status API was introduced to allow site owners to serve low-power versions of sites and apps to users whose devices are running low on battery. After its introduction, a private researcher warned that it could be used to spy on users. The combination of the remaining battery life in seconds and the battery life as a percentage can provide 14 million combinations, providing a unique identifier for each device.
Now researchers from Princeton University have shown that the Battery Status API is actually being used to track users. Steve Englehardt and Arvind Narayanan ran a specially modified browser and found two scripts that used the API to ‘fingerprint’ a particular device, giving them the opportunity to identify it continuously across multiple contexts. Unlike other tracking mechanisms such as cookies, the Battery Status API, unfortunately, cannot be turned off. This means that it can be used to track web users even when they have disabled cookies, are using a virtual private network, or have activated a private browsing mode.
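The kind of measurement described above can be sketched as an audit wrapper that records which battery properties a script reads and flags the level-plus-time pairing. This is an added example, not the Princeton researchers' tooling; `auditBatteryManager`, `instrumentGetBattery`, `readsIdentifyingPair` and the sample battery object are hypothetical names and constructed data.

```javascript
// Added example. Real Battery Status API names: navigator.getBattery() and
// BatteryManager's level, charging, chargingTime, dischargingTime.
// Hypothetical names: auditBatteryManager, instrumentGetBattery,
// readsIdentifyingPair, sampleBattery.
const WATCHED = ['level', 'charging', 'chargingTime', 'dischargingTime'];

// Wrap a BatteryManager-like object so every read of a watched property
// is appended to `log`; the caller still receives the real values.
function auditBatteryManager(battery, log) {
  return new Proxy(battery, {
    get(target, prop) {
      if (WATCHED.includes(prop)) log.push(prop);
      const value = Reflect.get(target, prop, target);
      return typeof value === 'function' ? value.bind(target) : value;
    },
  });
}

// Replace nav.getBattery so that callers receive the audited wrapper.
function instrumentGetBattery(nav, log) {
  const original = nav.getBattery.bind(nav);
  nav.getBattery = () => original().then((b) => auditBatteryManager(b, log));
  return nav;
}

// A script that reads the charge level together with a time estimate has
// collected the pairing the article describes as identifying.
function readsIdentifyingPair(log) {
  const seen = new Set(log);
  return seen.has('level') &&
    (seen.has('dischargingTime') || seen.has('chargingTime'));
}

// Constructed sample standing in for a browser's BatteryManager.
const sampleBattery = {
  level: 0.43, charging: false, chargingTime: Infinity, dischargingTime: 8940 };

// A page that only adapts to low power reads the level alone.
const powerSaverLog = [];
const viewA = auditBatteryManager(sampleBattery, powerSaverLog);
const lowPower = viewA.level < 0.2;

// A script that reads level and discharge time together gets flagged.
const pairLog = [];
const viewB = auditBatteryManager(sampleBattery, pairLog);
const reading = [viewB.level, viewB.dischargingTime];

console.log(readsIdentifyingPair(powerSaverLog), readsIdentifyingPair(pairLog));
```

In a browser, `instrumentGetBattery(navigator, log)` would have to run before any third-party script for the log to be complete.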
The Princeton security researchers established that combining the Battery Status API with other web identifiers such as one’s IP address and browser extensions, which are already being used by some websites to fingerprint a user’s device, could make tracking relatively easy. The researchers admitted that they are not certain what the information is currently being used for. Businesses could potentially try to target users with specific personalized ads, products, and promotions using a device’s unique ‘digital fingerprint.’
The findings from Princeton University were highlighted by Lukasz Olejnik, a leading researcher who first highlighted the potential issue with the Battery Status API in 2015. Olejnik achieved some success following his early warning, with the group in charge of the web’s standards thanking his team for its analysis. Olejnik has warned that the Battery Status API still has the potential for misuse, in spite of the fact that it is currently only used for scripts.