Those with Android devices, which use the web giant’s operating system, have been unwittingly sending their location to the company whenever they are in range of a mobile mast.
The firm admitted it has been using customers’ phones to find out where masts are sited, even if they have removed the Sim card or switched off location functions.
Although the "Cell ID", or mast location, data sent to Google was encrypted and the company said it had considered using it only to improve messaging services, criminal hackers could potentially intercept it and track users’ movements.
Google said the data was "immediately discarded" and promised to update phones to prevent it happening in the future.
But Graham Wood, of online rights group Privacy International, said: "When we buy a smartphone we don’t expect it to betray us, but, as this highlights, we have little knowledge or control over our devices.
"Even when we take precautionary measures that go beyond what the average user would do, it appears we cannot escape being tracked."
Phone networks routinely collect data about where mobile users are, via information recorded from phone masts across the country. Police have used this information to investigate serious crimes as a person’s whereabouts can be narrowed down to within a few streets.
However, it has now been revealed that Google was also receiving this data from Android phone users who had a program called Google Play Services - a key component of the operating system - running in the background.
- Daily Mail