Android phone users may turn off their location services settings, take out their SIM card or restore their device to factory settings, but Google still collects their location data, according to a new report.

For the past 11 months, devices running on Android software have been sending “Cell ID codes,” which contain data on the addresses of nearby cellular towers, to Google, according to a report from Quartz.

After Quartz discovered the devices were collecting data, Google admitted to the practice.

“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery,” a Google spokesperson told Quartz.

Every time a device with a cellular data or WiFi connection came within range of a new cell tower, it would broadcast the addresses of nearby cellular towers and send the data to Google. However, the company said the data is “distinctly separate” from Location Services, which sends a device’s location to the applications.

Read more

Cell ID data only provides an approximate location of a mobile device, not a precise GPS location. However, a hacker could use other nearby cell towers to triangulate a user’s location to within a quarter-mile radius. A more narrow radius could be obtained for users in urban areas, where cell towers are much closer together.

There are more than 200,000 cell phone towers in the US, with a maximum range of less than 22 miles, according to Statistic Brain.

Google noted that the Cell ID data sent to their servers was encrypted, but Quartz noted that a hacker could divert the data to be collected by a third party through the use of spyware or other means.

Quartz found that the location-sharing was occurring on all modern Android devices. The report states that Android devices were sharing their location even when there was no SIM card installed and the user disabled location services.

Google’s privacy policy states that users may have their location data collected through “various technologies,” including “IP address, GPS, and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points and cell towers.”

#Stingray tracking of cellphones unconstitutional without a warrant – US court https://t.co/3vKnctyjplpic.twitter.com/t1Pmrkbwoj — RT America (@RT_America) September 22, 2017

Google began using the Cell ID codes to boost their push notifications and messaging management system called Firebase Cloud Messaging, a source familiar with the matter told Quartz.

A source told Fox News that the Cell ID was used to ensure the devices “remain connected and that people get their messages.”

“In order for Android users to receive notifications and messages quickly, an Android device needs to maintain a persistent connection to Google servers using Firebase Cloud Messaging,” the source said. “To maintain this connection, devices need to ping the server at a regular interval.”

The Cell ID was never incorporated into Google’s network sync system and all the data was “immediately discarded,” the company said. The tech giant promised to roll out an update that removes the cell ID collecting feature by the end of this month.

