Android Data Collection: Difference between revisions
Added more references about data collection, mentioned danger of tracking through bloatware |
fixed references formatting |
||
| (One intermediate revision by one other user not shown) | |||
| Line 2: | Line 2: | ||
==Background== | ==Background== | ||
'''[[Android]]''', the global top mobile operating system,<ref>https://gs.statcounter.com/os-market-share/mobile/worldwide</ref> is used to power billions of devices globally. Tests have shown that Android phones transmit user data to Google on multiple occasions even when users try to restrict sharing of data via settings. This has encouraged increasing alarm over user privacy, transparency, and personal data control. | '''[[Android]]''', the global top mobile operating system,<ref>{{Cite web |title=Mobile Operating System Market Share Worldwide |url=https://gs.statcounter.com/os-market-share/mobile/worldwide |url-status=live |access-date=15 Mar 2025 |website=[[StatCounter]]}}</ref> is used to power billions of devices globally. Tests have shown that Android phones transmit user data to Google on multiple occasions even when users try to restrict sharing of data via settings. This has encouraged increasing alarm over user privacy, transparency, and personal data control. | ||
A study found that data collection happens without any chance to opt out even before the user has even opened their first app.<ref>{{Cite web |last=Jones |first=Connor |date= | A study found that data collection happens without any chance to opt out even before the user has even opened their first app.<ref>{{Cite web |last=Jones |first=Connor |date=4 Mar 2025 |title=How Google tracks Android device users before they've even opened an app |url=https://www.theregister.com/2025/03/04/google_android/ |access-date=2025-03-05 |website=The Register}}</ref> | ||
Moreover, most phone vendors do their own tracking on top and pre-install so-called bloatware in exchange for payment from the respective company, such as social media and shopping apps (Facebook, TikTok, Aliexpress, eBay, …), which transmit data in the background without user consent even if the apps are never even opened and the user never agreed to their TOS.<ref>{{Cite web |last=Trinity College Dublin |date=October 11, 2021 |title=Study reveals scale of data-sharing from Android mobile phones |url=https://techxplore.com/news/2021-10-reveals-scale-data-sharing-android-mobile.html |access-date=2025-03-05 |website=TechXplore}}</ref> | Moreover, most phone vendors do their own tracking on top and pre-install so-called bloatware in exchange for payment from the respective company, such as social media and shopping apps (Facebook, TikTok, Aliexpress, eBay, …), which transmit data in the background without user consent even if the apps are never even opened and the user never agreed to their TOS.<ref>{{Cite web |last=Trinity College Dublin |date=October 11, 2021 |title=Study reveals scale of data-sharing from Android mobile phones |url=https://techxplore.com/news/2021-10-reveals-scale-data-sharing-android-mobile.html |access-date=2025-03-05 |website=TechXplore}}</ref> | ||
==Data sharing with Google== | ==Data sharing with Google== | ||
A research examined the frequency of data sharing between Google and Android phones.<ref name=":0">https://www.scss.tcd.ie/doug.leith/apple_google.pdf</ref> The research showed that even if an Android phone is set to minimal setting and left on its own, it shares data with Google on average every 4.5 minutes. The shared data includes sensitive information like: | A research examined the frequency of data sharing between Google and Android phones.<ref name=":0">{{Cite web |last=Leith |first=Douglas J. |date=25 Mar 2021 |title=Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google |url=https://www.scss.tcd.ie/doug.leith/apple_google.pdf |url-status=live |access-date=15 Mar 2025}}</ref> The research showed that even if an Android phone is set to minimal setting and left on its own, it shares data with Google on average every 4.5 minutes. The shared data includes sensitive information like: | ||
*IMEI (International Mobile Equipment Identity) | *IMEI (International Mobile Equipment Identity) | ||
| Line 19: | Line 19: | ||
In addition, Android sends telemetry data to Google even when customers directly decline to have their data collected. For instance, each time a SIM card is inserted into the device, Android sends its information to Google automatically. | In addition, Android sends telemetry data to Google even when customers directly decline to have their data collected. For instance, each time a SIM card is inserted into the device, Android sends its information to Google automatically. | ||
Data exchanged with Google by Google Messages and Google Dialer applications on an Android smartphone was also researched.<ref>https://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps.pdf</ref> These applications report to Google whenever messages are being sent/received or calls are being received/made. Precisely: | Data exchanged with Google by Google Messages and Google Dialer applications on an Android smartphone was also researched.<ref>{{Cite web |last=Leith |first=Douglas J. |date=28 Feb 2022 |title=What Data Do The Google Dialer and Messages Apps On Android Send to Google? |url=https://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps.pdf |url-status=live |access-date=15 Mar 2025}}</ref> These applications report to Google whenever messages are being sent/received or calls are being received/made. Precisely: | ||
*Google Messages sends a message text hash so Google can match the sender and receiver in a message exchange. | *Google Messages sends a message text hash so Google can match the sender and receiver in a message exchange. | ||
| Line 34: | Line 34: | ||
Google misled some Android users into thinking that the setting titled “Location History” was the only Google account setting that affected whether the company collected, kept and used personally identifiable data about their location. In fact, another account setting titled “Web & App Activity” also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default. | Google misled some Android users into thinking that the setting titled “Location History” was the only Google account setting that affected whether the company collected, kept and used personally identifiable data about their location. In fact, another account setting titled “Web & App Activity” also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default. | ||
For this, Google was sued in the United States<ref>https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/</ref> and in Australia.<ref>https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations</ref> | For this, Google was sued in the United States<ref>{{Cite web |last=Gatlan |first=Sergiu |date=14 Nov 2022 |title=Google will pay $391M to settle Android location tracking lawsuit |url=https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |url-status=live |access-date=15 Mar 2025 |website=[[BleepingComputer]]}}</ref> and in Australia.<ref>{{Cite web |date=12 Aug 2022 |title=Google LLC to pay $60 million for misleading representations |url=https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations |url-status=live |access-date=15 Mar 2025 |website=[[ACCC]]}}</ref> | ||
==Privacy respecting alternatives== | ==Privacy respecting alternatives== | ||
| Line 41: | Line 41: | ||
This is a serious cause of concern as far as user privacy and control over one's own data are concerned. Though some measures, such as the use of [[wikipedia:List_of_custom_Android_distributions|custom ROMs]] or privacy-focused applications, do cut down on sharing data, these are likely to require technical know-how and are not necessarily in the hands of the average user. | This is a serious cause of concern as far as user privacy and control over one's own data are concerned. Though some measures, such as the use of [[wikipedia:List_of_custom_Android_distributions|custom ROMs]] or privacy-focused applications, do cut down on sharing data, these are likely to require technical know-how and are not necessarily in the hands of the average user. | ||
French non-profit [https://murena.com/ Murena] sells devices pre-flashed with their de-googled Android version [https://e.foundation/ /e/ OS], making privacy friendly Android phones accessible to non-technical users. However, the project has a history of not always addressing security vulnerabilities in a timely manner<ref>https://community.e.foundation/t/some-clarification-regarding-security-vs-privacy-in-e-os/51839</ref> and thus the user is required to make a certain tradeoff between privacy and security, though the situation is still much better than the millions of phones in active use that no longer get manufacturer support. | French non-profit [https://murena.com/ Murena] sells devices pre-flashed with their de-googled Android version [https://e.foundation/ /e/ OS], making privacy friendly Android phones accessible to non-technical users. However, the project has a history of not always addressing security vulnerabilities in a timely manner<ref>{{Cite web |last=Duval |first=Gael |date=Sep 2023 |title=Some clarification regarding security vs privacy in /e/OS |url=https://community.e.foundation/t/some-clarification-regarding-security-vs-privacy-in-e-os/51839 |url-status=live |access-date=15 Mar 2025 |website=[[e]]}}</ref> and thus the user is required to make a certain tradeoff between privacy and security, though the situation is still much better than the millions of phones in active use that no longer get manufacturer support. | ||
==References== | ==References== | ||
<references /> | <references /> | ||
[[Category:Android]] | [[Category:Android]] | ||
[[Category:Data | [[Category:Data collection]] | ||
Latest revision as of 15:50, 15 March 2025
This article addresses the manner in which Android phones share personal user information with Google, usually in a complete user unaware and unapproved way, and the legal consequences Google has endured for deceptive practices in users' location tracking.
Background[edit | edit source]
Android, the global top mobile operating system,[1] is used to power billions of devices globally. Tests have shown that Android phones transmit user data to Google on multiple occasions even when users try to restrict sharing of data via settings. This has encouraged increasing alarm over user privacy, transparency, and personal data control.
A study found that data collection happens without any chance to opt out even before the user has even opened their first app.[2]
Moreover, most phone vendors do their own tracking on top and pre-install so-called bloatware in exchange for payment from the respective company, such as social media and shopping apps (Facebook, TikTok, Aliexpress, eBay, …), which transmit data in the background without user consent even if the apps are never even opened and the user never agreed to their TOS.[3]
Data sharing with Google[edit | edit source]
A research examined the frequency of data sharing between Google and Android phones.[4] The research showed that even if an Android phone is set to minimal setting and left on its own, it shares data with Google on average every 4.5 minutes. The shared data includes sensitive information like:
- IMEI (International Mobile Equipment Identity)
- Hardware serial number
- SIM serial number and IMSI (International Mobile Subscriber Identity)
- Handset phone number
In addition, Android sends telemetry data to Google even when customers directly decline to have their data collected. For instance, each time a SIM card is inserted into the device, Android sends its information to Google automatically.
Data exchanged with Google by Google Messages and Google Dialer applications on an Android smartphone was also researched.[5] These applications report to Google whenever messages are being sent/received or calls are being received/made. Precisely:
- Google Messages sends a message text hash so Google can match the sender and receiver in a message exchange.
- Google Dialer also transmits call time and call duration to Google for linking both devices for a call.
- Both of the apps forward phone numbers to Google.
- Both user interaction timing and duration with both apps are also forwarded to Google in addition to the above.
No exemption option exists in the data transmission. Data comes through two pathways:
- The Google Play Services Clearcut logger.
- Google/Firebase Analytics.
Location History Lawsuit[edit | edit source]
Google misled some Android users into thinking that the setting titled “Location History” was the only Google account setting that affected whether the company collected, kept and used personally identifiable data about their location. In fact, another account setting titled “Web & App Activity” also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default.
For this, Google was sued in the United States[6] and in Australia.[7]
Privacy respecting alternatives[edit | edit source]
Not many, if any, alternatives are available to users for completely avoiding this data sharing. Even attempts to disable data collection via settings, Android integration with Google services does make it impossible to fully discontinue the passing on of person and device details.[4]
This is a serious cause of concern as far as user privacy and control over one's own data are concerned. Though some measures, such as the use of custom ROMs or privacy-focused applications, do cut down on sharing data, these are likely to require technical know-how and are not necessarily in the hands of the average user.
French non-profit Murena sells devices pre-flashed with their de-googled Android version /e/ OS, making privacy friendly Android phones accessible to non-technical users. However, the project has a history of not always addressing security vulnerabilities in a timely manner[8] and thus the user is required to make a certain tradeoff between privacy and security, though the situation is still much better than the millions of phones in active use that no longer get manufacturer support.
References[edit | edit source]
- ↑ "Mobile Operating System Market Share Worldwide". StatCounter. Retrieved 15 Mar 2025.
{{cite web}}: CS1 maint: url-status (link) - ↑ Jones, Connor (4 Mar 2025). "How Google tracks Android device users before they've even opened an app". The Register. Retrieved 2025-03-05.
- ↑ Trinity College Dublin (October 11, 2021). "Study reveals scale of data-sharing from Android mobile phones". TechXplore. Retrieved 2025-03-05.
- ↑ 4.0 4.1 Leith, Douglas J. (25 Mar 2021). "Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google" (PDF). Retrieved 15 Mar 2025.
{{cite web}}: CS1 maint: url-status (link) - ↑ Leith, Douglas J. (28 Feb 2022). "What Data Do The Google Dialer and Messages Apps On Android Send to Google?" (PDF). Retrieved 15 Mar 2025.
{{cite web}}: CS1 maint: url-status (link) - ↑ Gatlan, Sergiu (14 Nov 2022). "Google will pay $391M to settle Android location tracking lawsuit". BleepingComputer. Retrieved 15 Mar 2025.
{{cite web}}: CS1 maint: url-status (link) - ↑ "Google LLC to pay $60 million for misleading representations". ACCC. 12 Aug 2022. Retrieved 15 Mar 2025.
{{cite web}}: CS1 maint: url-status (link) - ↑ Duval, Gael (Sep 2023). "Some clarification regarding security vs privacy in /e/OS". e. Retrieved 15 Mar 2025.
{{cite web}}: CS1 maint: url-status (link)