Mobile Websites Can Tap Into Your Phone’s Sensors Without Asking (wired.com)

When apps wants to access data from your smartphone’s motion or light sensors, they often make that capability clear. That keeps a fitness app, say, from counting your steps without your knowledge. But a team of researchers has discovered that the rules don’t apply to websites loaded in mobile browsers, which can often access an array of device sensors without any notifications or permissions whatsoever. From a report: That mobile browsers offer developers access to sensors isn’t necessarily problematic on its own. It’s what helps those services automatically adjust their layout, for example, when you switch your phone’s orientation. And the World Wide Web Consortium standards body has codified how web applications can access sensor data. But the researchers — Anupam Das of North Carolina State University, Gunes Acar of Princeton University, Nikita Borisov of the University of Illinois at Urbana-Champaign, and Amogh Pradeep of Northeastern University — found that the standards allow for unfettered access to certain sensors. And sites are using it.

The researchers found that of the top 100,000 sites — as ranked by Amazon-owned analytics company Alexa — 3,695 incorporate scripts that tap into one or more of these accessible mobile sensors. That includes plenty of big names, including Wayfair, Priceline.com, and Kayak.

Powered by WPeMatico