Websites bypass mobile app permissions to access device sensors


In September 2018, researchers discovered that websites accessed via mobile phones could access an array of device sensors, unlike apps, which request permissions for such access. The researchers found that 3,695 of the top 100,000 websites incorporate scripts that tap into one or more sensors, including Wayfair, Priceline, and Kayak. Unlike location sensors, motion, lighting, and proximity sensors have no mechanism for notifying users and requesting permission. Ad blockers were not effective in blocking these scripts. Because sensor access helps smartphones calibrate pages to their capabilities, access is included in World Wide Web Consortium standards, though W3C acknowledges the potential for privacy concerns.

tags: smartphones, mobile, websites, sensors, permissions, ad blockers
Writer: Lily Hay Newman
Publication:  Wired

Learn more
Related learning resources