Shopping centre uses mobile phone data to "monitor visitor levels"

Brian Morrison bdm at
Wed Aug 24 20:55:12 BST 2011

On Wed, 24 Aug 2011 17:20:32 +0100
Adrian Hayter <adrianhayter at> wrote:

> On 24 Aug 2011, at 17:14, Brian Morrison wrote:
> > Some places were intending to use Bluetooth to detect visitors, if the
> > phone is set to discoverable then the MAC address can be tracked and
> > all restricted to about a 10m radius.
> Even assuming the majority of people did keep their phone's Bluetooth turned
> on, it wouldn't be a very accurate tracker of Android devices. Unless
> Google have made radical changes in the last year, I'm pretty sure you
> can't keep the phone discoverable for longer than 300 seconds. It was
> a massive problem for me last summer when I was tasked with creating a
> sort of tracking system with the Android phones. We had to result to
> rooting the darn things and installing a special service just to keep
> Bluetooth running.

Yes, Android does at least try to reduce the security risks of leaving
BT devices discoverable, so it gets my vote for that. I also like
rooting Android devices, but to do it to then reduce the security is a
little unexpected.

I think the reason for using Bluetooth is that a discovery request is
nothing more than getting back a MAC address and so probably doesn't
contain any traffic data. How well it works in general I don't know,
but the systems I heard about appeared well before Android became as
popular as it has become.


Brian Morrison

bdm at fenrir dot org dot uk

   "Arguing with an engineer is like wrestling with a pig in the mud;
    after a while you realize you are muddy and the pig is enjoying it."
GnuPG key ID DE32E5C5 -
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <>

More information about the ukcrypto mailing list