The issue comes from a feature of HTML5, the technology used to allow people to read sites on the web. The feature tells websites how much battery is left in a user’s phone and is intended to let websites help preserve battery when phones are running low. However, the same information can be used to recognise phones as they move around the internet, allowing users to be tracked.
Websites and the scripts running on them do not require users' permission to see how much charge is left. Instead, phones automatically respond to the request by reporting how much charge they have and how long it would take to return to a full charge.
The same information can be used to identify the phones themselves as users visit different sites, without them ever knowing. By noting these details, a website can watch for a phone with identical or similar details appearing on other pages, for instance. It can also work out what pages that user visited, even if they’re using private browsing or a VPN (virtual private network). This is naturally a huge concern for users and a violation of their right to privacy. This kind of tracking could be really hard to escape, since almost all devices are vulnerable. However, the risk is higher for old or used batteries with reduced capacities.
Technologies like private browsing, which restricts websites from reading tracking cookies that have previously been saved, and VPNs, which route internet traffic through another place to obscure it, are usually enough to keep malicious people from following a user around the internet. However, the security problems in the battery software could be used to get around those precautions.
The researchers recommend that sites should at least ask permission to access the battery information instead of doing it automatically. They also suggest that users be given more information about the battery status software being used, and that the precision of battery level readouts be cut down, rounding off the numbers instead of giving the exact figures.
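The effect of the rounding recommendation can be measured by counting how many visitors share the same exposed battery value. The following is an added example, not code from the researchers or from any browser: the readings are constructed, the field names mirror the Battery Status API's `level`, `chargingTime` and `dischargingTime` attributes, and the `coarsen` policy (0.1 steps, time estimates withheld) is an assumption chosen for illustration.

```javascript
// Constructed sample readings (not real data). level is 0.0-1.0;
// chargingTime and dischargingTime are in seconds.
const visitors = [
  { id: "A", level: 0.43, chargingTime: 5211, dischargingTime: Infinity },
  { id: "B", level: 0.41, chargingTime: 4987, dischargingTime: Infinity },
  { id: "C", level: 0.44, chargingTime: 5320, dischargingTime: Infinity },
  { id: "D", level: 0.87, chargingTime: 1102, dischargingTime: Infinity },
  { id: "E", level: 0.89, chargingTime: 960, dischargingTime: Infinity },
];

// Hypothetical mitigation policy (an assumption of this example): report
// the level in coarse steps and withhold the time estimates entirely.
function coarsen(reading, step = 0.1) {
  const buckets = Math.round(1 / step);
  return {
    level: Math.round(reading.level * buckets) / buckets,
    chargingTime: null,
    dischargingTime: null,
  };
}

// The value a page's script would observe for one reading.
function exposedValue(r) {
  return [r.level, r.chargingTime, r.dischargingTime].join("|");
}

// Group visitors by exposed value. Each group is an anonymity set:
// visitors inside it cannot be told apart by battery data alone.
function anonymitySets(readings, transform = (r) => r) {
  const groups = new Map();
  for (const r of readings) {
    const key = exposedValue(transform(r));
    groups.set(key, (groups.get(key) || []).concat(r.id));
  }
  return [...groups.values()];
}

// Size of the smallest anonymity set; 1 means someone is uniquely exposed.
function smallestSet(sets) {
  return Math.min(...sets.map((s) => s.length));
}

const raw = anonymitySets(visitors);
const coarse = anonymitySets(visitors, coarsen);
console.log("raw sets:", raw, "smallest:", smallestSet(raw));
console.log("coarse sets:", coarse, "smallest:", smallestSet(coarse));
```

With the exact readings every visitor sits alone in a set of one; after coarsening, the five visitors fall into two shared sets.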
According to the researchers, Firefox, Chrome, and Opera were among the web browsers that supported the Battery Status API as of June 2015. This affects both mobile devices and laptops. People can use Tor, a Firefox-based browser with improved privacy and security features, to hide their identity, the researchers said.