Android device users' location have been sent to the company whenever they are in range of a mobile base station.
The firm allegedly admitted it has been using customers’ phones to retrieve mobile base stations.
The locations have reportedly been collected even when a Sim card is removed or the device's location is turned off.
Although the "Cell ID", or mast location, data sent to Google was encrypted and the company said it had considered using it only to improve messaging services, criminal hackers could potentially intercept it and track users’ movements.
Google said the data was "immediately discarded" and promised to update phones to prevent it happening in the future.
But Graham Wood, of online rights group Privacy International, said: "When we buy a smartphone we don’t expect it to betray us, but, as this highlights, we have little knowledge or control over our devices.
"Even when we take precautionary measures that go beyond what the average user would do, it appears we cannot escape being tracked."
Phone networks routinely collect data about where mobile users are, via information recorded from phone masts across the country. Police have used this information to investigate serious crimes as a person’s whereabouts can be narrowed down to within a few streets.
However, it has now been revealed that Google was also receiving this data from Android phone users who had a program called Google Play Services - a key component of the operating system - running in the background.
- Daily Mail