Concerns have been raised in a Trinity College Dublin study about the privacy implications of the data collected by Google Dialer and Messages apps on Android phones.
The recent study, by Prof. Doug Leith at the CONNECT SFI Research Centre for Future Networks at Trinity College Dublin, details the extensive data collected via the use of these apps.
The apps, used to make and receive calls or to send and receive SMS and other messages, are pre-installed on many Android phones.
According to Google, more than one billion phones have both. In the US, AT&T and T-Mobile recently announced that all Android phones on their networks will use the Google Messages app and the app also comes pre-loaded on Samsung, Xiaomi and Huawei handsets.
Prof. Leith’s study’s findings include:
– The Messages app tells Google whenever a message is sent/received. The information sent includes the time and a hash (an ID code created from the message text) that uniquely identifies the message. This allows Google to discover whether two handsets are communicating, and at what times.
– The Google Messages app transmits the sender’s phone number to Google, so by combining data from communicating handsets the phone numbers of both are revealed.
– The Dialer app tells Google whenever a phone call is made/received. The information sent includes the time and the call duration. This allows Google to discover whether two handsets are calling one another, and at what times and for how long.
– Each app also tells Google about user interactions with it. For example, whenever the user views an app screen, an SMS conversation or searches their contacts. This allows a detailed picture of app usage over time to be reconstructed by Google.
– The data sent to Google is tagged with the handset Android ID. This is linked to the handset’s Google user account and so often to the personal details (email, phone number, credit card details etc) of the person involved in a phone call or SMS message.
There is no opt-out from this data collection. Previous studies by Prof. Leith’s group at Trinity College Dublin have noted the large volume of data sent by Google Play Services to Google servers (up to 20 times the data that iPhones send to Apple), and the opaque nature of this data collection.
This latest study is one of the first to cast light on the content of the data sent by Google Play Services.
Prof. Doug Leith, Professor of Computer Systems at Trinity, said: “I was surprised to see such obviously sensitive data being collected by these Google apps.
“It’s not at all clear what the data is being used for and the lack of opt-out is extremely concerning.”
“This work was triggered by our study of the privacy of COVID contact tracing apps.
“While we found these apps to generally be quite a privacy respecting, our measurements highlighted the tremendous volume of data being sent to Google by Google Play Services on Android phones.
“Hopefully, our work will act as a wake-up call to the public, politicians and data regulators.
“It really is time we started to take meaningful action to give people full information on the data that leaves their phones, details as to what it is being used for and, most importantly, the ability to opt-out from this data collection.”
Google has told the Trinity research team that, in light of the report’s findings, it plans to make changes to the Google Messages and Dialer apps.
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.