English

English

Home » Android phones constantly spy on users, study finds

Android phones constantly spy on users, study finds

Android

A new study by a team of university researchers in the UK has uncovered a host of privacy concerns related to the use of Android smartphones.

Researchers focused on Android devices Samsung, Xiaomi, Realme and Huawei, and LineageOS and / e / OS, two Android forks that aim to provide long-term support and a degoogled experience.

The study’s conclusion is worrying for the vast majority of Android users.

With the notable exception of / e / OS, even when configured minimally and the handset is idle, these vendor-customized Android variants pass substantial amounts of information to the operating system developer as well as ” to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) who have preinstalled system applications. – Researchers.

As the summary table shows, sensitive user data such as persistent identifiers, application usage details, and telemetry information are not only shared with device vendors, but are also passed on to various third parties, such as Microsoft, LinkedIn and Facebook.

Summary of data collected
Summary of data collected
Source: Trinity College Dublin

And to make matters worse, Google appears upon receiving all the data collected almost on the entire board.

No way to “turn it off”

It is important to note that this concerns the collection of data for which there is no opt-out option, so Android users are helpless in the face of this type of telemetry.

This is of particular concern when smartphone vendors include third-party apps that silently collect data even if not in use by the device owner, and which cannot be uninstalled.

For some of the built-in system applications such as miui.analytics (Xiaomi), Heytap (Realme) and Hicloud (Huawei), researchers have found that encrypted data can sometimes be decoded, putting the data at risk for humans in-attacks. middle (MitM).

Data volume (KB / h) transmitted by each supplier
Data volume (KB / h) transmitted by each supplier
Source: Trinity College Dublin

As the study points out, even if the user resets their Google Account advertising IDs on Android, the data collection system may trivially reconnect the new ID to the same device and add it to the tracking history. original.

User de-anonymization is done using various methods, such as viewing SIM card, IMEI, history location data, IP address, network SSID or ‘a combination of these.

Potential crosslinking data collection points
Potential crosslinking data collection points
Source: Trinity College Dublin

Privacy-conscious Android forks like / e / OS are growing in popularity as more users find they have no way to turn off unwanted vanilla Android features and seek more privacy. on their devices.

However, the majority of Android users get stuck in an endless stream of data collection, which is where regulators and consumer organizations need to step in and put an end to it.

TechToSee has contacted Google for a statement regarding this study, but has not had a response yet.

Gael Duval, the creator of / e / OS told TechToSee:

Today, more and more people understand that the advertising model that powers mobile OS business is based on the industrial capture of personal data on a scale never seen in history, on a global level. It has negative impacts on many aspects of our lives, and can even threaten democracy as we have seen in recent cases. I think that regulations are more necessary than ever in terms of the protection of personal data. It started with GDPR, but it is not enough and we need to move to a “privacy by default” model instead of “privacy optional”.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Stay on Top - Get the daily news in your inbox

Trending this Week