You probably suspected it, or might have heard it from someone, but it is now confirmed by a study carried out by UK researchers that Android smartphone users are constantly snooped on by preinstalled apps even without using them.
The researchers focused their study on Samsung, Xiaomi, Realme and Huawei Android devices and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and an experience free from the shackles of Google.
The conclusion of the study gives a sad state of the Android ecosystem, which the vast of Android users will definitely find worrying.
“With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have preinstalled system apps.” reads the report from the UK researchers.
The data shared from the Android smartphones include persistent identifiers, app usage details and telemetry information.
No way to stop the sending of data
Android users are currently unable to stop the collection of data, since there is no option to opt out.
What is definitely more worrying especially for peoples’ privacy is that smartphone vendors preinstall third-party apps like Facebook or LinkedIn that are silently collecting data even when they are not used by the device owner, and also cannot be uninstalled.
Xiaomi phones send details of all apps being used, including timings and durations of phone calls made on the device. Microsoft SwiftKey keyboard sends details of app usage over time. Samsung, Xiaomi and Google also collect device identifiers and advertising IDs, even when a user potentially disables advertising identifiers, they can still link back to the device.
“More worryingly, such practices take place “under the hood” on smartphones without users’ knowledge and without an accessible means to disable such functionality” said Dr Paul Patras, Associate Professor in the School of Informatics at the University of Edinburgh.
Informed Android users are slowly dropping vanilla Android in favour of privacy conscious Android forks like /e/OS as they realize they have no means to disable unwanted functionality in vanilla Android and seek more privacy on their devices.
This unfortunately only consists of a tiny percentage in the bigger picture, and the vast majority of Android users remain locked in the never-ending stream of data collection.
“Today, more people understand that the advertising model that is fuelling the mobile OS business is based on the industrial capture of personal data at a scale that has never been seen in history, at the world level. This has negative impacts on many aspects of our lives, and can even threaten democracy, as seen in recent cases. I think regulation is needed more than ever regarding personal data protection. It has started with the GDPR, but it’s not enough, and we need to switch to a “privacy by default” model instead of “privacy as an option,” says Gael Duval, the creator of /e/OS.
The GDPR (General Data Protection Regulation) refers to the legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union.