Android data collection: Difference between revisions

Latest revision as of 21:17, 17 April 2026

This article addresses the manner in which Android phones share personal user information with Google, usually in a complete user unaware and unapproved way, and the legal consequences Google has endured for deceptive practices in users' location tracking. This article also discusses non-Google OEM privacy concerns with companies who implement their own modified version of Android such as Samsung and Xiaomi.

Background

Android, the global top mobile operating system,^[1] is used to power billions of devices globally. Tests have shown that Android phones with Google Services transmit user data to Google on multiple occasions even when users try to restrict sharing of data via settings. This has encouraged increasing alarm over user privacy, transparency, and personal data control.

A study found that data collection happens without any chance to opt out even before the user has even opened their first app.^[2]

Moreover, most phone vendors do their own tracking on top and pre-install so-called bloatware in exchange for payment from the respective company, such as social media and shopping apps Meta, TikTok, Aliexpress, eBay, …), which transmit data in the background without user consent even if the apps are never even opened and the user never agreed to their TOS.^[3]

Data sharing with Google

A research study examined the frequency of data sharing between Google and Android phones with Google services.^[4] The study describes that even if minimally configured and in idle mode, the handset will share data with Google on an average of every 4.5 minutes. The shared data includes the following sensitive information:

IMEI (International Mobile Equipment Identity)

Hardware serial number
SIM serial number and IMSI (International Mobile Subscriber Identity)
Handset phone number

SUMMARY OF HANDSET DATA SHARED WITH APPLE AND GOOGLE WHEN USER IS NOT LOGGED IN.
	IMEI	Hardware Serial Number	SIM Serial Number	Phone Number	Device IDs	Location	Tele- metry	Cookies	Local IP Address	Device WiFi MAC Address	Nearby WiFi MAC Addresses
Apple iOS	✓	✓	✓	✓	UDID, Ad ID	✓	✓	✓	✓	x	✓
Google Android	✓	✓	✓	✓	Android ID, RDID/Ad ID, Droidguard key	x	✓	✓	x	✓	x

In addition, Google services on Android sends telemetry data to Google even when customers directly decline to have their data collected. For instance, each time a SIM card is inserted into the device, Google services sends its information to Google automatically.

Data exchanged with Google by Google Messages and Google Dialer applications on an Android smartphone was also researched.^[5] These applications report to Google whenever messages are being sent/received or calls are being received/made. Precisely:

Google Messages sends a message text hash so Google can match the sender and receiver in a message exchange.
Google Dialer also transmits call time and call duration to Google for linking both devices for a call.
Both of the apps forward phone numbers to Google.
Both user interaction timing and duration with both apps are also forwarded to Google in addition to the above.

No exemption option exists in the data transmission. Data comes through two pathways:

The Google Play Services Clearcut logger.
Google/Firebase Analytics.

Location History Lawsuit

Google misled some Android users into thinking that the setting titled “Location History” was the only Google account setting that affected whether the company collected, kept and used personally identifiable data about their location. In fact, another account setting titled “Web & App Activity” also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default.

For this, Google was sued in the United States and in Australia.^[6]^[7]

Data sharing with OEM’s custom Android

This section is incomplete. This notice can be deleted once all the placeholder text has been replaced.

Privacy respecting alternatives

Some alternatives are available to users for completely avoiding this data sharing. Attempts to disable data collection via settings, Android integration with Google services does make it impossible to fully discontinue the passing on of person and device details.^[4]

The use of custom ROMs or privacy-focused applications, do cut down on sharing data, these are likely to require technical know-how and are not necessarily in the hands of the average user.

In general, Google services which are the source of most of the data collection serve two functions:

Application dependencies, like network location services, debugging tooling, advertising services etc.
Application distribution

A privacy replacing alternative should therefore have an alternative for these functions.

The only fully degoogled alternate configuration comprises of MicroG applications, which is an open source reimplementation of Google services. It provides necessary dependencies so that most of the applications which depend on Google services can function on a device without those Google services.

Another option is GrapheneOS, an optionally de-googled privacy and security focused Android ROM. While not replacing google play services completely, GrapheneOS offers a sandboxed version of the google play services. The sandboxing allows users to control the permissions of the google play services, limiting the privacy risk they pose. GrapheneOS has many other privacy features like more control over app permissions and automatic time-based Wifi and Bluetooth off switches. Despite these features, users may choose not to consider this Android ROM due to its development history and other controversies.^[8]^[9]

As for application distribution, alternate channels, such as F-droid, Aurora Store, Accrescent, and Obtanium, do exist. These alternative application sources allow users to install applications of their choosing without a single entity to regulate the applications. These application sources have different uses, with F-droid acting as an app store for only free and open source apps, Aurora Store acts as an anonymized version of the Google Play Store, Accrescent focuses on app-installation security, and Obtanium acts as an update-grabber from code repositories like Github, Gitlab, and Codeberg.

Murena, Fairphone and Iodé sells devices pre-installed with de-googled Android based on LineageOS and MicroG, making privacy friendly Android phones accessible to non-technical users. However, the operating system called /e/ on Murena devices has a history of not always addressing security vulnerabilities in a timely manner.^[10] However the situation is still much better than the millions of phones in active use that no longer get manufacturer support.

References

↑ "Mobile Operating System Market Share Worldwide". StatCounter. Archived from the original on 21 Feb 2026. Retrieved 15 Mar 2025.
↑ Jones, Connor (4 Mar 2025). "How Google tracks Android device users before they've even opened an app". The Register. Archived from the original on 14 Feb 2026. Retrieved 2025-03-05.
↑ Trinity College Dublin (October 11, 2021). "Study reveals scale of data-sharing from Android mobile phones". TechXplore. Archived from the original on 17 Nov 2025. Retrieved 2025-03-05.
↑ ^4.0 ^4.1 Leith, Douglas J. (25 Mar 2021). "Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google" (PDF). Archived (PDF) from the original on 19 Dec 2025. Retrieved 15 Mar 2025.
↑ Leith, Douglas J. (28 Feb 2022). "What Data Do The Google Dialer and Messages Apps On Android Send to Google?" (PDF). Archived (PDF) from the original on 19 Dec 2025. Retrieved 15 Mar 2025.
↑ Gatlan, Sergiu (14 Nov 2022). "Google will pay $391M to settle Android location tracking lawsuit". BleepingComputer. Archived from the original on 18 Feb 2026. Retrieved 15 Mar 2025.
↑ "Google LLC to pay $60 million for misleading representations". ACCC. 12 Aug 2022. Archived from the original on 16 Aug 2022. Retrieved 15 Mar 2025.
↑ https://youtube.com/watch?v=4To-F6W1NT0 (Archived)
↑ https://youtube.com/watch?v=Dx7CZ-2Bajg (Archived)
↑ Duval, Gael (Sep 2023). "Some clarification regarding security vs privacy in /e/OS". e. Archived from the original on 7 Nov 2025. Retrieved 15 Mar 2025.

[1] "Mobile Operating System Market Share Worldwide". StatCounter. Archived from the original on 21 Feb 2026. Retrieved 15 Mar 2025.

[2] Jones, Connor (4 Mar 2025). "How Google tracks Android device users before they've even opened an app". The Register. Archived from the original on 14 Feb 2026. Retrieved 2025-03-05.

[3] Trinity College Dublin (October 11, 2021). "Study reveals scale of data-sharing from Android mobile phones". TechXplore. Archived from the original on 17 Nov 2025. Retrieved 2025-03-05.

[:0-4] 4.0 ^4.1 Leith, Douglas J. (25 Mar 2021). "Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google" (PDF). Archived (PDF) from the original on 19 Dec 2025. Retrieved 15 Mar 2025.

[5] Leith, Douglas J. (28 Feb 2022). "What Data Do The Google Dialer and Messages Apps On Android Send to Google?" (PDF). Archived (PDF) from the original on 19 Dec 2025. Retrieved 15 Mar 2025.

[6] Gatlan, Sergiu (14 Nov 2022). "Google will pay $391M to settle Android location tracking lawsuit". BleepingComputer. Archived from the original on 18 Feb 2026. Retrieved 15 Mar 2025.

[7] "Google LLC to pay $60 million for misleading representations". ACCC. 12 Aug 2022. Archived from the original on 16 Aug 2022. Retrieved 15 Mar 2025.

[8] ttps://youtube.com/watch?v=4To-F6W1NT0 (Archived)

[9] ttps://youtube.com/watch?v=Dx7CZ-2Bajg (Archived)

[10] Duval, Gael (Sep 2023). "Some clarification regarding security vs privacy in /e/OS". e. Archived from the original on 7 Nov 2025. Retrieved 15 Mar 2025.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

@@ Line 1: / Line 1: @@
-This article addresses the manner in which Android phones share personal user information with [[Google]], usually in a complete user unaware and unapproved way, and the legal consequences Google has endured for deceptive practices in users' location tracking.
+{{IncidentCargo
+|Company=Google
+|StartDate=
+|EndDate=
+|Status=Unresolved
+|ProductLine=
+|Product=Android, Google Pixel
+|ArticleType=
+|Type=Privacy
+|Description=Google and Android phones alike deliberately collect user information, even when they choose to opt-out.
+}}
+This article addresses the manner in which Android phones share personal user information with [[Google]], usually in a complete user unaware and unapproved way, and the legal consequences Google has endured for deceptive practices in users' location tracking. This article also discusses non-Google OEM privacy concerns with companies who implement their own modified version of Android such as [[Samsung]] and [[Xiaomi]].
 ==Background==
-'''[[Android]]''', the global top mobile operating system,<ref>https://gs.statcounter.com/os-market-share/mobile/worldwide</ref> is used to power billions of devices globally. Tests have shown that Android phones transmit user data to Google on multiple occasions even when users try to restrict sharing of data via settings. This has encouraged increasing alarm over user privacy, transparency, and personal data control.
+'''[[Android]]''', the global top mobile operating system,<ref>{{Cite web |title=Mobile Operating System Market Share Worldwide |url=https://gs.statcounter.com/os-market-share/mobile/worldwide |url-status=live |archive-url=http://web.archive.org/web/20260221164626/https://gs.statcounter.com/os-market-share/mobile/worldwide |archive-date=21 Feb 2026|access-date=15 Mar 2025 |website=[[StatCounter]]}}</ref> is used to power billions of devices globally. Tests have shown that Android phones with [[List of Google products|Google Services]] transmit user data to Google on multiple occasions even when users try to restrict sharing of data via settings. This has encouraged increasing alarm over user privacy, transparency, and personal data control.
-A study found that data collection happens without any chance to opt out even before the user has even opened their first app.<ref>{{Cite web |last=Jones |first=Connor |date=4 Mar 2025 |title=How Google tracks Android device users before they've even opened an app |url=https://www.theregister.com/2025/03/04/google_android/ |access-date=2025-03-05 |website=The Register}}</ref>
+A study found that data collection happens without any chance to opt out even before the user has even opened their first app.<ref>{{Cite web |last=Jones |first=Connor |date=4 Mar 2025 |title=How Google tracks Android device users before they've even opened an app |url=https://www.theregister.com/2025/03/04/google_android/ |url-status=live |archive-url=http://web.archive.org/web/20260214065909/https://www.theregister.com/2025/03/04/google_android/ |archive-date=14 Feb 2026|access-date=2025-03-05 |website=The Register}}</ref>
-Moreover, most phone vendors do their own tracking on top and pre-install so-called bloatware in exchange for payment from the respective company, such as social media and shopping apps (Facebook, TikTok, Aliexpress, eBay, …), which transmit data in the background without user consent even if the apps are never even opened and the user never agreed to their TOS.<ref>{{Cite web |last=Trinity College Dublin |date=October 11, 2021 |title=Study reveals scale of data-sharing from Android mobile phones |url=https://techxplore.com/news/2021-10-reveals-scale-data-sharing-android-mobile.html |access-date=2025-03-05 |website=TechXplore}}</ref>
+Moreover, most phone vendors do their own tracking on top and pre-install so-called [[bloatware]] in exchange for payment from the respective company, such as social media and shopping apps [[Meta]], [[TikTok]], Aliexpress, [[eBay]], …), which transmit data in the background without user consent even if the apps are never even opened and the user never agreed to their TOS.<ref>{{Cite web |last=Trinity College Dublin |date=October 11, 2021 |title=Study reveals scale of data-sharing from Android mobile phones |url=https://techxplore.com/news/2021-10-reveals-scale-data-sharing-android-mobile.html |url-status=live |archive-url=http://web.archive.org/web/20251117171125/https://techxplore.com/news/2021-10-reveals-scale-data-sharing-android-mobile.html |archive-date=17 Nov 2025|access-date=2025-03-05 |website=TechXplore}}</ref>
 ==Data sharing with Google==
-A research examined the frequency of data sharing between Google and Android phones.<ref name=":0">https://www.scss.tcd.ie/doug.leith/apple_google.pdf</ref> The research showed that even if an Android phone is set to minimal setting and left on its own, it shares data with Google on average every 4.5 minutes. The shared data includes sensitive information like:
+A research study examined the frequency of data sharing between Google and Android phones with Google services.<ref name=":0">{{Cite web |last=Leith |first=Douglas J. |date=25 Mar 2021 |title=Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google |url=https://www.scss.tcd.ie/doug.leith/apple_google.pdf |url-status=live |archive-url=http://web.archive.org/web/20251219165022/https://www.scss.tcd.ie/doug.leith/apple_google.pdf |archive-date=19 Dec 2025|access-date=15 Mar 2025}}</ref> The study describes that even if minimally configured and in idle mode, the handset will share data with Google on an average of every 4.5 minutes. The shared data includes the following sensitive information:
 *IMEI (International Mobile Equipment Identity)
@@ Line 16: / Line 27: @@
 *SIM serial number and IMSI (International Mobile Subscriber Identity)
 *Handset phone number
+{| class="wikitable sortable mw-collapsible"
+|+SUMMARY OF HANDSET DATA SHARED WITH APPLE AND GOOGLE WHEN USER IS NOT LOGGED IN.
+!
+!<small>IMEI</small>
+!<small>Hardware</small>
+<small>Serial</small>
+<small>Number</small>
+!<small>SIM</small>
+<small>Serial</small>
+<small>Number</small>
+!<small>Phone</small>
+<small>Number</small>
+!<small>Device IDs</small>
+!<small>Location</small>
+!<small>Tele-</small>
+<small>metry</small>
+!<small>Cookies</small>
+!<small>Local</small>
+<small>IP</small>
+<small>Address</small>
+!<small>Device WiFi MAC</small>
+<small>Address</small>
+!<small>Nearby</small>
+<small>WiFi MAC</small>
+<small>Addresses</small>
+|-
+|<small>Apple iOS</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>UDID, Ad ID</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|x
+|<small>✓</small>
+|-
+|<small>Google Android</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>Android ID,</small>
+<small>RDID/Ad ID,</small>
+<small>Droidguard</small>
+<small>key</small>
+|x
+|<small>✓</small>
+|<small>✓</small>
+|x
+|<small>✓</small>
+|x
+|}
+In addition, Google services on Android sends telemetry data to Google even when customers directly decline to have their data collected. For instance, each time a SIM card is inserted into the device, Google services sends its information to Google automatically.
-In addition, Android sends telemetry data to Google even when customers directly decline to have their data collected. For instance, each time a SIM card is inserted into the device, Android sends its information to Google automatically.
+Data exchanged with Google by Google Messages and Google Dialer applications on an Android smartphone was also researched.<ref>{{Cite web |last=Leith |first=Douglas J. |date=28 Feb 2022 |title=What Data Do The Google Dialer and Messages Apps On Android Send to Google? |url=https://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps.pdf |url-status=live |archive-url=http://web.archive.org/web/20251219161507/https://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps.pdf |archive-date=19 Dec 2025|access-date=15 Mar 2025}}</ref> These applications report to Google whenever messages are being sent/received or calls are being received/made. Precisely:
-Data exchanged with Google by Google Messages and Google Dialer applications on an Android smartphone was also researched.<ref>https://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps.pdf</ref> These applications report to Google whenever messages are being sent/received or calls are being received/made. Precisely:
 *Google Messages sends a message text hash so Google can match the sender and receiver in a message exchange.
@@ Line 28: / Line 93: @@
 No exemption option exists in the data transmission. Data comes through two pathways:
-#The Google Play Services Clearcut logger.
+#The [[wikipedia:Google_Play_Services|Google Play Services]] Clearcut logger.
 #Google/Firebase Analytics.
@@ Line 34: / Line 99: @@
 Google misled some Android users into thinking that the setting titled “Location History” was the only Google account setting that affected whether the company collected, kept and used personally identifiable data about their location. In fact, another account setting titled “Web & App Activity” also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default.
-For this, Google was sued in the United States<ref>https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/</ref> and in Australia.<ref>https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations</ref>
+For this, Google was sued in the United States and in Australia.<ref>{{Cite web |last=Gatlan |first=Sergiu |date=14 Nov 2022 |title=Google will pay $391M to settle Android location tracking lawsuit |url=https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |url-status=live |archive-url=http://web.archive.org/web/20260218125205/https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |archive-date=18 Feb 2026|access-date=15 Mar 2025 |website=[[BleepingComputer]]}}</ref><ref>{{Cite web |date=12 Aug 2022 |title=Google LLC to pay $60 million for misleading representations |url=https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations |url-status=live |archive-url=https://web.archive.org/web/20220816180655/https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations |archive-date=16 Aug 2022 |access-date=15 Mar 2025 |website=[[ACCC]]}}</ref>
+==Data sharing with OEM’s custom Android==
+{{Incomplete section}}
 ==Privacy respecting alternatives==
-Not many, if any, alternatives are available to users for completely avoiding this data sharing. Even attempts to disable data collection via settings, Android integration with Google services does make it impossible to fully discontinue the passing on of person and device details.<ref name=":0" />
+Some alternatives are available to users for completely avoiding this data sharing. Attempts to disable data collection via settings, Android integration with Google services does make it impossible to fully discontinue the passing on of person and device details.<ref name=":0" />
+The use of [[wikipedia:List_of_custom_Android_distributions|custom ROMs]] or privacy-focused applications, do cut down on sharing data, these are likely to require technical know-how and are not necessarily in the hands of the average user.
+In general, Google services which are the source of most of the data collection serve two functions:
+#Application dependencies, like network location services, debugging tooling, advertising services etc.
+#Application distribution
+A privacy replacing alternative should therefore have an alternative for these functions.
+The only fully degoogled alternate configuration comprises of MicroG applications, which is an open source reimplementation of Google services. It provides necessary dependencies so that most of the applications which depend on Google services can function on a device without those Google services.
-This is a serious cause of concern as far as user privacy and control over one's own data are concerned. Though some measures, such as the use of [[wikipedia:List_of_custom_Android_distributions|custom ROMs]] or privacy-focused applications, do cut down on sharing data, these are likely to require technical know-how and are not necessarily in the hands of the average user.
+Another option is [[GrapheneOS]], an optionally de-googled privacy and security focused Android ROM. While not replacing google play services completely, GrapheneOS offers a sandboxed version of the google play services. The sandboxing allows users to control the permissions of the google play services, limiting the privacy risk they pose. GrapheneOS has many other privacy features like more control over app permissions and automatic time-based Wifi and Bluetooth off switches. Despite these features, users may choose not to consider this Android ROM due to its development history and other controversies.<ref> https://youtube.com/watch?v=4To-F6W1NT0 ([https://preservetube.com/watch?v=4To-F6W1NT0 Archived])</ref><ref> https://youtube.com/watch?v=Dx7CZ-2Bajg ([https://preservetube.com/watch?v=Dx7CZ-2Bajg Archived])</ref>
+As for application distribution, alternate channels, such as [https://f-droid.org/ F-droid], [https://auroraoss.com/aurora-store Aurora Store], [https://accrescent.app/ Accrescent], and [https://obtainium.imranr.dev/ Obtanium], do exist. These alternative application sources allow users to install applications of their choosing without a single entity to regulate the applications.
+These application sources have different uses, with F-droid acting as an app store for only free and open source apps, Aurora Store acts as an anonymized version of the Google Play Store, Accrescent focuses on app-installation security, and Obtanium acts as an update-grabber from code repositories like Github, Gitlab, and Codeberg.
-French non-profit [https://murena.com/ Murena] sells devices pre-flashed with their de-googled Android version [https://e.foundation/ /e/ OS], making privacy friendly Android phones accessible to non-technical users. However, the project has a history of not always addressing security vulnerabilities in a timely manner<ref>https://community.e.foundation/t/some-clarification-regarding-security-vs-privacy-in-e-os/51839</ref> and thus the user is required to make a certain tradeoff between privacy and security, though the situation is still much better than the millions of phones in active use that no longer get manufacturer support.
+[https://murena.com/ Murena], Fairphone and [https://iode.tech/ Iodé] sells devices pre-installed with de-googled Android based on [https://lineageos.org/ LineageOS] and MicroG, making privacy friendly Android phones accessible to non-technical users. However, the operating system called /e/ on Murena devices has a history of not always addressing security vulnerabilities in a timely manner.<ref>{{Cite web |last=Duval |first=Gael |date=Sep 2023 |title=Some clarification regarding security vs privacy in /e/OS |url=https://community.e.foundation/t/some-clarification-regarding-security-vs-privacy-in-e-os/51839 |url-status=live |archive-url=http://web.archive.org/web/20251107035830/https://community.e.foundation/t/some-clarification-regarding-security-vs-privacy-in-e-os/51839 |archive-date=7 Nov 2025|access-date=15 Mar 2025 |website=[[e]]}}</ref> However the situation is still much better than the millions of phones in active use that no longer get manufacturer support.
 ==References==