Loading

wait a moment

Study Shows Android Has Serious Privacy Issues, Snoops on Users

A new study is showing just how much Android snoops on its users, transmitting large quantities of data to third-parties and Google.

In the age-old iOS vs Android debate, the common argument against Android is the perceived lack of privacy. A team of researchers at the University of Edinburgh and Trinity College Dublin attempted to get to the bottom of the situation, and their findings were disturbing, to say the least.

The researchers looked phones made by Samsung, Huawei, Xiaomi and Realme. They also looked at two forks of the Android OS, LineageOS and /e/OS. At its heart, Android is an open source OS where anyone is free to modify it for their own uses, just as Google does. LineageOS and /e/OS are two such forks that place an emphasis on privacy by “de-Googling” the OS.

The researchers found that, with one exception, all flavors of Android transmitted substantial data to Google. Even worse, they also transmitted data to third-party companies, including Facebook.

We find that, with the notable exception of e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third-parties (Google, Microsoft, LinkedIn, Facebook etc) that have pre-installed system apps. While occasional communication with OS servers is to be expected, the observed data transmission goes well beyond this and raises a number of privacy concerns.

Here’s a detailed list of the information being sent:

Table of Android Data Sharing - Credit University of Edinburgh & Trinity College Dublin
Table of Android Data Sharing – Credit University of Edinburgh & Trinity College Dublin

The researchers also expressed concern about the possibility of companies being able to cross-link data in an effort to build a more comprehensive profile of the user.

We find that typically multiple parties collect data from a handset. For example, on a Samsung handset Samsung, Google and Microsoft/LinkedIn all collect data. That raises the question of whether the data collected separately by these parties can be linked together (and of course combined with data from other sources). While we are not in a position to know whether such linking actually takes place, by inspection of the identifiers jointly collected by the parties we can see whether the potential exists for data linking.

Potential for Android Data Cross-Linking - Credit University of Edinburgh & Trinity College Dublin
Potential for Android Data Cross-Linking – Credit University of Edinburgh & Trinity College Dublin

Overall, the researchers said the current situation raises serious concerns about the privacy Android offers — or doesn’t.

We present an in-depth analysis of the data sent by the Samsung, Xiaomi, Huawei, Realme, LineageOS and /e/OS variants of Android. We find that, with the notable exception of e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third-parties (Google, Microsoft, LinkedIn, Facebook etc) that have pre-installed system apps. While occasional communication with OS servers is to be expected, the observed data transmission goes well beyond this and raises a number of privacy concerns.

Google has been working to improve its image as a company that respects its users’ privacy. Creating an OS that serves to vacuum up large quantities of user data — and then sends that data to itself and third-parties companies — falls far short of what the company promises and what users deserve.