Android data collection: Difference between revisions

(9 intermediate revisions by 6 users not shown)

Line 20:

==Data sharing with Google==

A research examined the frequency of data sharing between Google and Android phones with Google services.<ref name=":0">{{Cite web |last=Leith |first=Douglas J. |date=25 Mar 2021 |title=Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google |url=https://www.scss.tcd.ie/doug.leith/apple_google.pdf |url-status=live |archive-url=http://web.archive.org/web/20251219165022/https://www.scss.tcd.ie/doug.leith/apple_google.pdf |archive-date=19 Dec 2025|access-date=15 Mar 2025}}</ref> The ~~research showed~~ that even if ~~an Android phone is set to minimal setting~~ and ~~left on its own~~, ~~it shares~~ data with Google on average every 4.5 minutes. The shared data includes sensitive information ~~like~~:

A research study examined the frequency of data sharing between Google and Android phones with Google services.<ref name=":0">{{Cite web |last=Leith |first=Douglas J. |date=25 Mar 2021 |title=Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google |url=https://www.scss.tcd.ie/doug.leith/apple_google.pdf |url-status=live |archive-url=http://web.archive.org/web/20251219165022/https://www.scss.tcd.ie/doug.leith/apple_google.pdf |archive-date=19 Dec 2025|access-date=15 Mar 2025}}</ref> The study describes that even if minimally configured and in idle mode, the handset will share data with Google on an average of every 4.5 minutes. The shared data includes the following sensitive information:

*IMEI (International Mobile Equipment Identity)

Line 27:

*SIM serial number and IMSI (International Mobile Subscriber Identity)

*Handset phone number

{| class="wikitable sortable mw-collapsible"

|+SUMMARY OF HANDSET DATA SHARED WITH APPLE AND GOOGLE WHEN USER IS NOT LOGGED IN.

!

!IMEI

!Hardware

Serial

Number

!SIM

Serial

Number

!Phone

Number

!Device IDs

!Location

!Tele-

metry

!Cookies

!Local

IP

Address

!Device WiFi MAC

Address

!Nearby

WiFi MAC

Addresses

|-

|Apple iOS

|✓

|UDID, Ad ID

|✓

|x

|✓

|-

|Google Android

|✓

|Android ID,

RDID/Ad ID,

Droidguard

key

|x

|✓

|x

|✓

|x

|}

In addition, Google services on Android sends telemetry data to Google even when customers directly decline to have their data collected. For instance, each time a SIM card is inserted into the device, Google services sends its information to Google automatically.

Line 45:

Line 99:

Google misled some Android users into thinking that the setting titled “Location History” was the only Google account setting that affected whether the company collected, kept and used personally identifiable data about their location. In fact, another account setting titled “Web & App Activity” also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default.

For this, Google was sued in the United States and in Australia.<ref>{{Cite web |last=Gatlan |first=Sergiu |date=14 Nov 2022 |title=Google will pay $391M to settle Android location tracking lawsuit |url=https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |url-status=live |archive-url=http://web.archive.org/web/20260218125205/https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |archive-date=18 Feb 2026|access-date=15 Mar 2025 |website=[[BleepingComputer]]}}</ref><ref>{{Cite web |date=12 Aug 2022 |title=Google LLC to pay $60 million for misleading representations |url=https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations |url-status=live |archive-url=https://archive.ph/~~Jn1fd~~ |archive-date=17 Aug 2022 |access-date=15 Mar 2025 |website=[[ACCC]]}}</ref>

For this, Google was sued in the United States and in Australia.<ref>{{Cite web |last=Gatlan |first=Sergiu |date=14 Nov 2022 |title=Google will pay $391M to settle Android location tracking lawsuit |url=https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |url-status=live |archive-url=http://web.archive.org/web/20260218125205/https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |archive-date=18 Feb 2026|access-date=15 Mar 2025 |website=[[BleepingComputer]]}}</ref><ref>{{Cite web |date=12 Aug 2022 |title=Google LLC to pay $60 million for misleading representations |url=https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations |url-status=live |archive-url=https://web.archive.org/web/20220816180655/https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations |archive-date=16 Aug 2022 |access-date=15 Mar 2025 |website=[[ACCC]]}}</ref>

==Data sharing with OEM’s custom Android==

==Privacy respecting alternatives==

~~Not many~~ alternatives are available to users for completely avoiding this data sharing. Attempts to disable data collection via settings, Android integration with Google services does make it impossible to fully discontinue the passing on of person and device details.<ref name=":0" />

Some alternatives are available to users for completely avoiding this data sharing. Attempts to disable data collection via settings, Android integration with Google services does make it impossible to fully discontinue the passing on of person and device details.<ref name=":0" />

The use of [[wikipedia:List_of_custom_Android_distributions|custom ROMs]] or privacy-focused applications, do cut down on sharing data, these are likely to require technical know-how and are not necessarily in the hands of the average user.

Line 61:

Line 117:

The only fully degoogled alternate configuration comprises of MicroG applications, which is an open source reimplementation of Google services. It provides necessary dependencies so that most of the applications which depend on Google services can function on a device without those Google services.

Another option is [~~https://grapheneos.org/~~ GrapheneOS], an optionally ~~degoogled~~ privacy and security focused Android ROM. While not replacing google play services completely, GrapheneOS offers a sandboxed version of the google play services. The sandboxing allows users to control the permissions of the google play services, limiting the privacy risk they pose. GrapheneOS has many other privacy features like more control over app permissions and automatic time-based Wifi and Bluetooth off switches. Despite these features, users may choose not to consider this Android ROM due to its development history and other controversies.<ref> https://m.~~youtube~~.com/watch?v=4To-F6W1NT0</ref><ref> https://m.~~youtube~~.com/watch?v=Dx7CZ-2Bajg</ref>

Another option is [[GrapheneOS]], an optionally de-googled privacy and security focused Android ROM. While not replacing google play services completely, GrapheneOS offers a sandboxed version of the google play services. The sandboxing allows users to control the permissions of the google play services, limiting the privacy risk they pose. GrapheneOS has many other privacy features like more control over app permissions and automatic time-based Wifi and Bluetooth off switches. Despite these features, users may choose not to consider this Android ROM due to its development history and other controversies.<ref> https://youtube.com/watch?v=4To-F6W1NT0 ([https://preservetube.com/watch?v=4To-F6W1NT0 Archived])</ref><ref> https://youtube.com/watch?v=Dx7CZ-2Bajg ([https://preservetube.com/watch?v=Dx7CZ-2Bajg Archived])</ref>

As for application distribution, alternate channels, such as [https://f-droid.org/ F-droid], [https://auroraoss.com/aurora-store Aurora Store], [https://accrescent.app/ Accrescent], and [https://obtainium.imranr.dev/ Obtanium], do exist. These alternative application sources allow users to install applications of their choosing without a single entity to regulate the applications.

These application sources have different uses, with F-droid acting as an app store for only free and open source apps, Aurora Store acts as an anonymized version of the Google Play Store, Accrescent focuses on app-installation security, and Obtanium acts as an update-grabber from code repositories like Github, Gitlab, and Codeberg.

@@ Line 20: / Line 20: @@
 ==Data sharing with Google==
-A research examined the frequency of data sharing between Google and Android phones with Google services.<ref name=":0">{{Cite web |last=Leith |first=Douglas J. |date=25 Mar 2021 |title=Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google |url=https://www.scss.tcd.ie/doug.leith/apple_google.pdf |url-status=live |archive-url=http://web.archive.org/web/20251219165022/https://www.scss.tcd.ie/doug.leith/apple_google.pdf |archive-date=19 Dec 2025|access-date=15 Mar 2025}}</ref> The research showed that even if an Android phone is set to minimal setting and left on its own, it shares data with Google on average every 4.5 minutes. The shared data includes sensitive information like:
+A research study examined the frequency of data sharing between Google and Android phones with Google services.<ref name=":0">{{Cite web |last=Leith |first=Douglas J. |date=25 Mar 2021 |title=Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google |url=https://www.scss.tcd.ie/doug.leith/apple_google.pdf |url-status=live |archive-url=http://web.archive.org/web/20251219165022/https://www.scss.tcd.ie/doug.leith/apple_google.pdf |archive-date=19 Dec 2025|access-date=15 Mar 2025}}</ref> The study describes that even if minimally configured and in idle mode, the handset will share data with Google on an average of every 4.5 minutes. The shared data includes the following sensitive information:
 *IMEI (International Mobile Equipment Identity)
@@ Line 27: / Line 27: @@
 *SIM serial number and IMSI (International Mobile Subscriber Identity)
 *Handset phone number
+{| class="wikitable sortable mw-collapsible"
+|+SUMMARY OF HANDSET DATA SHARED WITH APPLE AND GOOGLE WHEN USER IS NOT LOGGED IN.
+!
+!<small>IMEI</small>
+!<small>Hardware</small>
+<small>Serial</small>
+<small>Number</small>
+!<small>SIM</small>
+<small>Serial</small>
+<small>Number</small>
+!<small>Phone</small>
+<small>Number</small>
+!<small>Device IDs</small>
+!<small>Location</small>
+!<small>Tele-</small>
+<small>metry</small>
+!<small>Cookies</small>
+!<small>Local</small>
+<small>IP</small>
+<small>Address</small>
+!<small>Device WiFi MAC</small>
+<small>Address</small>
+!<small>Nearby</small>
+<small>WiFi MAC</small>
+<small>Addresses</small>
+|-
+|<small>Apple iOS</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>UDID, Ad ID</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|x
+|<small>✓</small>
+|-
+|<small>Google Android</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>✓</small>
+|<small>Android ID,</small>
+<small>RDID/Ad ID,</small>
+<small>Droidguard</small>
+<small>key</small>
+|x
+|<small>✓</small>
+|<small>✓</small>
+|x
+|<small>✓</small>
+|x
+|}
 In addition, Google services on Android sends telemetry data to Google even when customers directly decline to have their data collected. For instance, each time a SIM card is inserted into the device, Google services sends its information to Google automatically.
@@ Line 45: / Line 99: @@
 Google misled some Android users into thinking that the setting titled “Location History” was the only Google account setting that affected whether the company collected, kept and used personally identifiable data about their location. In fact, another account setting titled “Web & App Activity” also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default.
-For this, Google was sued in the United States and in Australia.<ref>{{Cite web |last=Gatlan |first=Sergiu |date=14 Nov 2022 |title=Google will pay $391M to settle Android location tracking lawsuit |url=https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |url-status=live |archive-url=http://web.archive.org/web/20260218125205/https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |archive-date=18 Feb 2026|access-date=15 Mar 2025 |website=[[BleepingComputer]]}}</ref><ref>{{Cite web |date=12 Aug 2022 |title=Google LLC to pay $60 million for misleading representations |url=https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations |url-status=live |archive-url=https://archive.ph/Jn1fd |archive-date=17 Aug 2022 |access-date=15 Mar 2025 |website=[[ACCC]]}}</ref>
+For this, Google was sued in the United States and in Australia.<ref>{{Cite web |last=Gatlan |first=Sergiu |date=14 Nov 2022 |title=Google will pay $391M to settle Android location tracking lawsuit |url=https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |url-status=live |archive-url=http://web.archive.org/web/20260218125205/https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/ |archive-date=18 Feb 2026|access-date=15 Mar 2025 |website=[[BleepingComputer]]}}</ref><ref>{{Cite web |date=12 Aug 2022 |title=Google LLC to pay $60 million for misleading representations |url=https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations |url-status=live |archive-url=https://web.archive.org/web/20220816180655/https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations |archive-date=16 Aug 2022 |access-date=15 Mar 2025 |website=[[ACCC]]}}</ref>
 ==Data sharing with OEM’s custom Android==
+{{Incomplete section}}
 ==Privacy respecting alternatives==
-Not many alternatives are available to users for completely avoiding this data sharing. Attempts to disable data collection via settings, Android integration with Google services does make it impossible to fully discontinue the passing on of person and device details.<ref name=":0" />
+Some alternatives are available to users for completely avoiding this data sharing. Attempts to disable data collection via settings, Android integration with Google services does make it impossible to fully discontinue the passing on of person and device details.<ref name=":0" />
 The use of [[wikipedia:List_of_custom_Android_distributions|custom ROMs]] or privacy-focused applications, do cut down on sharing data, these are likely to require technical know-how and are not necessarily in the hands of the average user.
@@ Line 61: / Line 117: @@
 The only fully degoogled alternate configuration comprises of MicroG applications, which is an open source reimplementation of Google services. It provides necessary dependencies so that most of the applications which depend on Google services can function on a device without those Google services.
-Another option is [https://grapheneos.org/ GrapheneOS], an optionally degoogled privacy and security focused Android ROM. While not replacing google play services completely, GrapheneOS offers a sandboxed version of the google play services. The sandboxing allows users to control the permissions of the google play services, limiting the privacy risk they pose. GrapheneOS has many other privacy features like more control over app permissions and automatic time-based Wifi and Bluetooth off switches. Despite these features, users may choose not to consider this Android ROM due to its development history and other controversies.<ref> https://m.youtube.com/watch?v=4To-F6W1NT0</ref><ref> https://m.youtube.com/watch?v=Dx7CZ-2Bajg</ref>
+Another option is [[GrapheneOS]], an optionally de-googled privacy and security focused Android ROM. While not replacing google play services completely, GrapheneOS offers a sandboxed version of the google play services. The sandboxing allows users to control the permissions of the google play services, limiting the privacy risk they pose. GrapheneOS has many other privacy features like more control over app permissions and automatic time-based Wifi and Bluetooth off switches. Despite these features, users may choose not to consider this Android ROM due to its development history and other controversies.<ref> https://youtube.com/watch?v=4To-F6W1NT0 ([https://preservetube.com/watch?v=4To-F6W1NT0 Archived])</ref><ref> https://youtube.com/watch?v=Dx7CZ-2Bajg ([https://preservetube.com/watch?v=Dx7CZ-2Bajg Archived])</ref>
 As for application distribution, alternate channels, such as [https://f-droid.org/ F-droid], [https://auroraoss.com/aurora-store Aurora Store], [https://accrescent.app/ Accrescent], and [https://obtainium.imranr.dev/ Obtanium], do exist. These alternative application sources allow users to install applications of their choosing without a single entity to regulate the applications.
 These application sources have different uses, with F-droid acting as an app store for only free and open source apps, Aurora Store acts as an anonymized version of the Google Play Store, Accrescent focuses on app-installation security, and Obtanium acts as an update-grabber from code repositories like Github, Gitlab, and Codeberg.