Android Data Collection: Difference between revisions

Revision as of 13:15, 10 March 2025

This article addresses the manner in which Android phones share personal user information with Google, usually in a complete user unaware and unapproved way, and the legal consequences Google has endured for deceptive practices in users' location tracking.

Background

Android, the global top mobile operating system,^[1] is used to power billions of devices globally. Tests have shown that Android phones transmit user data to Google on multiple occasions even when users try to restrict sharing of data via settings. This has encouraged increasing alarm over user privacy, transparency, and personal data control.

A study found that data collection happens without any chance to opt out even before the user has even opened their first app.^[2]

Moreover, most phone vendors do their own tracking on top and pre-install so-called bloatware in exchange for payment from the respective company, such as social media and shopping apps (Facebook, TikTok, Aliexpress, eBay, …), which transmit data in the background without user consent even if the apps are never even opened and the user never agreed to their TOS.^[3]

Data sharing with Google

A research examined the frequency of data sharing between Google and Android phones.^[4] The research showed that even if an Android phone is set to minimal setting and left on its own, it shares data with Google on average every 4.5 minutes. The shared data includes sensitive information like:

IMEI (International Mobile Equipment Identity)

Hardware serial number
SIM serial number and IMSI (International Mobile Subscriber Identity)
Handset phone number

In addition, Android sends telemetry data to Google even when customers directly decline to have their data collected. For instance, each time a SIM card is inserted into the device, Android sends its information to Google automatically.

Data exchanged with Google by Google Messages and Google Dialer applications on an Android smartphone was also researched.^[5] These applications report to Google whenever messages are being sent/received or calls are being received/made. Precisely:

Google Messages sends a message text hash so Google can match the sender and receiver in a message exchange.
Google Dialer also transmits call time and call duration to Google for linking both devices for a call.
Both of the apps forward phone numbers to Google.
Both user interaction timing and duration with both apps are also forwarded to Google in addition to the above.

No exemption option exists in the data transmission. Data comes through two pathways:

The Google Play Services Clearcut logger.
Google/Firebase Analytics.

Location History Lawsuit

Google misled some Android users into thinking that the setting titled “Location History” was the only Google account setting that affected whether the company collected, kept and used personally identifiable data about their location. In fact, another account setting titled “Web & App Activity” also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default.

For this, Google was sued in the United States^[6] and in Australia.^[7]

Privacy respecting alternatives

Not many, if any, alternatives are available to users for completely avoiding this data sharing. Even attempts to disable data collection via settings, Android integration with Google services does make it impossible to fully discontinue the passing on of person and device details.^[4]

This is a serious cause of concern as far as user privacy and control over one's own data are concerned. Though some measures, such as the use of custom ROMs or privacy-focused applications, do cut down on sharing data, these are likely to require technical know-how and are not necessarily in the hands of the average user.

French non-profit Murena sells devices pre-flashed with their de-googled Android version /e/ OS, making privacy friendly Android phones accessible to non-technical users. However, the project has a history of not always addressing security vulnerabilities in a timely manner^[8] and thus the user is required to make a certain tradeoff between privacy and security, though the situation is still much better than the millions of phones in active use that no longer get manufacturer support.

References

↑ https://gs.statcounter.com/os-market-share/mobile/worldwide
↑ Jones, Connor (4 Mar 2025). "How Google tracks Android device users before they've even opened an app". The Register. Retrieved 2025-03-05.
↑ Trinity College Dublin (October 11, 2021). "Study reveals scale of data-sharing from Android mobile phones". TechXplore. Retrieved 2025-03-05.
↑ ^4.0 ^4.1 https://www.scss.tcd.ie/doug.leith/apple_google.pdf
↑ https://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps.pdf
↑ https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/
↑ https://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations
↑ https://community.e.foundation/t/some-clarification-regarding-security-vs-privacy-in-e-os/51839

[1] ttps://gs.statcounter.com/os-market-share/mobile/worldwide

[2] Jones, Connor (4 Mar 2025). "How Google tracks Android device users before they've even opened an app". The Register. Retrieved 2025-03-05.

[3] Trinity College Dublin (October 11, 2021). "Study reveals scale of data-sharing from Android mobile phones". TechXplore. Retrieved 2025-03-05.

[:0-4] 4.0 ^4.1 https://www.scss.tcd.ie/doug.leith/apple_google.pdf

[5] ttps://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps.pdf

[6] ttps://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/

[7] ttps://www.accc.gov.au/media-release/google-llc-to-pay-60-million-for-misleading-representations

[8] ttps://community.e.foundation/t/some-clarification-regarding-security-vs-privacy-in-e-os/51839

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

@@ Line 4: / Line 4: @@
 '''[[Android]]''', the global top mobile operating system,<ref>https://gs.statcounter.com/os-market-share/mobile/worldwide</ref> is used to power billions of devices globally. Tests have shown that Android phones transmit user data to Google on multiple occasions even when users try to restrict sharing of data via settings. This has encouraged increasing alarm over user privacy, transparency, and personal data control.
-A study found that data collection happens without any chance to opt out even before the user has even opened their first app.<ref>{{Cite web |last=Jones |first=Connor |date=Tue 4 Mar 2025 // 10:15 UTC |title=How Google tracks Android device users before they've even opened an app |url=https://www.theregister.com/2025/03/04/google_android/ |access-date=2025-03-05 |website=The Register}}</ref>
+A study found that data collection happens without any chance to opt out even before the user has even opened their first app.<ref>{{Cite web |last=Jones |first=Connor |date=4 Mar 2025 |title=How Google tracks Android device users before they've even opened an app |url=https://www.theregister.com/2025/03/04/google_android/ |access-date=2025-03-05 |website=The Register}}</ref>
 Moreover, most phone vendors do their own tracking on top and pre-install so-called bloatware in exchange for payment from the respective company, such as social media and shopping apps (Facebook, TikTok, Aliexpress, eBay, …), which transmit data in the background without user consent even if the apps are never even opened and the user never agreed to their TOS.<ref>{{Cite web |last=Trinity College Dublin |date=October 11, 2021 |title=Study reveals scale of data-sharing from Android mobile phones |url=https://techxplore.com/news/2021-10-reveals-scale-data-sharing-android-mobile.html |access-date=2025-03-05 |website=TechXplore}}</ref>
@@ Line 46: / Line 46: @@
 <references />
 [[Category:Android]]
-[[Category:Data Collection]]
+[[Category:Data collection]]