The past few weeks have left web users increasingly concerned about their personal security. Both ride-sharing app Uber and image hosting website Imgur announced large-scale data breaches resulting in the theft of user login credentials and other personal data, with the Uber hack affecting 57 million, while the Imgur breach impacted 1.7 million. However, users aren’t just concerned about their logins, as a recent announcement from Google revealed an alarmingly invasive feature of Android smartphones that revealed something far more sensitive.

Since their introduction, cellphones have proved a valuable tool for law enforcement. While the ability to access call and text records of suspects or victims is obvious, the phone itself can be used to track a person’s movements even without this data. Cellphones remain in communication with nearby cell towers to maintain a signal; in turn, this data can be used to track the movements of the phone, and therefore the device’s carrier. This functionality, which is necessary for things like GPS apps, has even been adopted as a sort of security feature, with users able to track their lost or stolen devices via “find my phone” apps. That said, some users are uncomfortable with the idea of their every movement potentially being recorded, and thus it’s common for Android and other devices to enable the user to disable location features.

Android users were shocked to learn that, even with the location service shut off, devices continued to transmit location info, whether from cell towers or wi-fi, back to Google. The company confirmed this in an interview with media website Quartz as an intentional feature. According to Google, their reasoning for maintaining this connection despite the shutoff was to improve messaging and push notification services.

The company also clarified that the information was unlike the location data used for GPS apps, targeted advertising, and similar features. How precisely it differed is unclear. They said the data was encrypted during transit and was not permanently stored on any of the company’s servers. While it’s true that a hacker could maliciously gain access to this information, it would require compromising the device directly, and at that point location data would be revealed anyway. Despite rationalizing the situation, Google confirmed that this location tracking would be suspended on Android devices by the end of November. While the feature is less insidious than many are making it out to be, Google has clearly recognized it as a negligent overstep of user trust.