Fresh data protection concerns have been raised by a Trinity College Dublin study about storage of cookies, identifiers, and other data on Android phones by Google Play Services, the Google Play store and other pre-installed Google apps.
A recent measurement study by Prof. Doug Leith, Professor of Computer Systems in Trinity’s School of Computer Science and Statistics, shows that advertising and tracking cookies and other device and user identifiers are sent by Google servers and stored on a handset, even when no Google apps have ever been opened by the user.
Professor Doug Leith said: “We all know that our consent is needed before a website stores advertising and tracking cookies when we visit it. The same EU “cookie law”, the e-Privacy Directive, also applies to apps running on mobile phones. Cookies stored by apps have received far less attention than web cookies, partly because they are harder to detect, and a closer look at them is long overdue.”
“Google Play Services and the Google Play store are pre-installed on almost every Android phone. This study shows that they silently store advertising and other tracking cookies and data on people’s phones. No consent for this is sought by Google, and there is no way to block these cookies. ”
“This study is a wake-up call to the Irish Data Protection Commissioner to enforce EU data protection rules and start properly protecting Irish and EU users of Android phones.”
The main findings of the study are as follows:
1) Advertising analytics cookies, links to track clicks/views of adverts, and device identifiers associated with advertising are downloaded and stored on the handset.
2) Tracking cookies are downloaded and stored by the Google Play store app and then transmitted to Google servers alongside analytics data reporting user interactions with the Play store app (searches, page views etc).
3) The Google Android ID is sent by Google servers and stored to the handset by Google Play Services. Previous studies have shown this identifier is sent in many transmissions made by Google Play Services and the Google Play store to Google servers. It acts as a persistent device and user identifier, which can only be changed by factory resetting the phone.
4) Analytics cookies used for A/B testing of changes to Google apps are downloaded and stored on the handset by Google Play Services and then transmitted alongside app telemetry data to Google servers.
5) Multiple other cookies and identifiers which can act to uniquely identify the handset and/or user are also downloaded and stored on the handset.
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.