A range of Android phones engage in significant data collection and sharing with Facebook, Linked In, Microsoft and Google, leaving no opt-out option for its users – revealed an academic research study.
Dr. Paul Patras from the University of Edinburgh and Prof Doug Leith from Trinity College Dublin conducted the research on six different phones with Android operating systems developed by Xiaomi, Samsung, e/OS, Realme, and LineageOS.
The research study found, when the phones were minimally configured or kept idle, except e/OS, all of them transmit “substantial amounts of information” to not just the OS developer, but to all the parties they have partnered with.
Even though the occasional meeting with the OS servers is due, the researchers said the amount of data transmission “goes well beyond this”. It raises lots of privacy concerns.
Except for e/OS, all the phones that were examined during the research study were found to be collecting sensitive information through pre-installed apps on the handset including the data that could determine users’ interests.
For instance, Xiaomi phones transmit app screen viewed details to the company, including when and how long the users used each app. This type of tracking reveals the duration and timings of phone calls done through the handset.
To comprehend this statement, the effect of this tracking is similar to cookies that track users’ mobility on the browser. The study discovered that the collected data “appears to be sent outside Europe to Singapore.”
While in Huawei, the SwiftKey keyboard collects the information regarding users’ app usage and transmits the collected data to Microsoft. For example, if a Huawei user types a message or searches contacts via the search bar, all the information will be sent to Microsoft.
Meanwhile, Xiaomi, Google, Samsung, and Realme, collect the information from unique device identifiers, through the device’s hardware serial number as well as the user’s advertising ID.
The research concludes that all the apps pre-installed in the Android handsets, including Google, Linked In, Facebook, and Microsoft, silently collect users’ information without choosing to opt-out. This is how Android phones engage in ‘significant’ data collection and sharing
Studies also revealed, there “may exist a data ecosystem where data collected from a handset by different companies is shared or linked”. While, e/OS, privacy-focused devices were discovered to transmit no sensitive user data.
As per Prof Leith, “I think we have completely missed the massive and ongoing data collection by our phones, for which there is no opt-out.” He said, “We’ve been too focused on web cookies and on badly behaved apps.
“I hope our work will act as a wake-up call to the public, politicians, and regulators. Meaningful action is urgently needed to give people real control over the data that leaves their phones.”
On that, Dr. Patras added, “Although we’ve seen protection laws for personal information adopted in several countries in recent years, including by EU member states, Canada and South Korea, user-data collection practices remain widespread”.
“More worryingly, such practices take place under the hood on smartphones without users’ knowledge and without an accessible means to disable such functionality”.
“Privacy-conscious Android variants are gaining traction, though, and our findings should incentivize market-leading vendors to follow suit.”