How your Battery Life could be used as an Undeletable Cookie


Mark Stockley reports on the Sophos Naked Security website that the HTML5 battery status API (Application Program Interface) on mobile phones can be used to track the phone user.

The technique in a recently released paper, relies on the fact that browsers such as Chrome, Firefox and Opera will provide information about battery status to any website that asks for it, without asking the phone users permission.  The information given up is a series of values covering discharging and charging.  However, it is very unlikely that two or more users will have the same value in a short time frame thus effectively making it a unique identifier for the device.

These battery values are usually very short-lived; however, they could last long enough to allow a tracking website to respawn deleted cookies and defeat incognito modes.  Currently the only browser that offers protection against battery tracking is the Tor browser which completely disables the API.

The use of battery status information to track phone users has been highlighted on the Newsblog previously.  See the previous article about tracking phone location using power use here.