6 votes

New study raises fresh ‘privacy concerns’ about data sharing from Android mobile phones

4 comments

  1. [3]
    hungariantoast
    Link
    Previous topc: https://tild.es/yu9 Link to the study: https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf
    4 votes
    1. [2]
      riQQ
      Link Parent
      Sorry for the repost, I missed this topic.

      Sorry for the repost, I missed this topic.

      3 votes
      1. hungariantoast
        Link Parent
        No problem, I'm happy for it to get more exposure, I do want to copy over here a comment I just wrote on the other topic though, because I think it's important: I have not read the entire report...

        No problem, I'm happy for it to get more exposure, I do want to copy over here a comment I just wrote on the other topic though, because I think it's important:

        I have not read the entire report yet, so there are details I might have missed, but from quickly searching around the PDF this is what I found:

        (v) Google Pixel 2/Android 10 (LineageOS build 17.1-20210316, opengapps 10.0-nano-20210314

        (vi) Google Pixel 2/Android 10 (eos build e-0.11-q-20200917)

        Apart from Google’s GApps, no third-party system apps on the LineageOS handset were observed to perform data collection. On /e/OS, we observed no data collection by system apps

        So it seems like the only reason for the data collection difference between LineageOS and /e/OS is because Open GApps was installed on the LineageOS device.

        I do wish they would have tested that further, such as by testing the LineageOS device once with Open GApps and then another time with MicroG instead, but there may have been constraints in how they performed the experiment that did not allow them to do that.

        Also, the point they may have wanted to make is that it is Google's own proprietary apps that are responsible for vast majority of data collection on Android devices:

        LineageOS and Samsung send similar volumes of data, Xiaomi and Huawei about twice as much and Realme about three times as much. These differences are likely related to different configurations of Google GApps e.g. on LineageOS the so-called nano version of GApps was installed (other options includes micro, mini, full, stock19). In all cases the volume of data uploaded to Google is at least 10×that uploaded by the mobile OS developer. For Xiaomi, Huawei and Realme the volume rises to around 30×.

        2 votes
  2. riQQ
    Link

    They found that even when minimally configured and the handset is idle, with the notable exception of e/OS, these vendor-customised Android variants transmit substantial amounts of information to the OS developer and to third parties such as Google, Microsoft, LinkedIn, and Facebook that have pre-installed system apps. There is no opt-out from this data collection.

    Amongst the key findings from the study were, with the exception of e/OS, all of the handset manufacturers examined collect a list of all the apps installed on a handset.

    The Xiaomi handset sends details of all the app screens viewed by a user to Xiaomi, including when and how long each app is used. This reveals, for example, the timing and duration of phone calls.

    On the Huawei handset the Swiftkey keyboard sends details of app usage over time to Microsoft. This reveals, for example, when a user is writing a text, using the search bar, searching for contacts.

    While, Samsung, Xiaomi, Realme and Google collect long-lived device identifiers, e.g., the hardware serial number, alongside user-resettable advertising identifiers.