Android Messages and Dialer apps allegedly sent data to Google without consent

Date:

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY


In the research paper “What Data Do The Google Dialer and Messages Apps On Android Send to Google?”, Trinity College professor Douglas J. Leith claims that the Google applications Messages and Dialer are sending data to Google without user consent.

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

Both applications are installed on over a billion Android devices each. Google Messages is the default messaging application that many manufacturers and mobile phone companies ship as the default application for messaging on their devices. The same is true for Dialer, as it is the default phone application on many Android devices.

The paper notes that Google does not provide specific privacy policies for the two applications in question, even though Google requires that third-party developers do provide privacy policies. The applications link to Google’s generic consumer privacy policy only.

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

The researcher analyzed the data that the Google Messages and Google Dialer applications sent to Google on Android handsets. According to the research paper, linked here the following data is sent when the Messages application sends or receives messages

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

When an SMS message is sent/received the Google Messages app sends a message to Google servers recording this event, the time when the message was sent/received and a truncated SHA256 hash of the message text. The latter hash acts to uniquely identify the text message. The message sender’s phone number is also sent to Google, so by combining data from handsets exchanging messages the phone numbers of both are revealed

Google Messages submits data about the event, including the time messages were received or sent, a truncated hash of the message text, and the sender’s phone number, to Google. The hash may identify the message according to the researcher, and if Google Messages is used on both handsets, Google gets both phone numbers involved in the conversation.

Google Dialer sends similar logs to Google. The data includes the time and the call duration according to the research paper.

When a phone call is made/received the Google Dialer app similarly logs this event to Google servers  together with the time and the call duration.

The data that is sent to Google “is tagged with the handset Android ID” according to the researcher. The ID is linked to Google user accounts and thus the identify of the user.

Additionally, both applications submit data about user interactions within the applications. Nature and timings of interactions, e.g., viewing an app screen, searching contacts, or browsing an SMS conversation, are also submitted to Google according to the paper.

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

If “See caller and spam ID” is enabled, which it is by default, Google Dialer sends the phone number of each incoming call and the time of the call to Google as well.

The applications have no opt-out that prevents the data from being submitted to Google.

The data is sent to Google via the Google Play Services Clearcut logger service and Google/Firebase Analytics according to the researcher.

The Google Messages and Dialer apps send data to Google via two channels: (i) the Google Play Services Clearcut logger service and (ii) Google/Firebase Analytics. Recent Android measurement studies have noted the large volume of data sent by Google Play Services to Google servers on most Android handsets. A substantial component of this data is sent by the Clearcut logger service within Google Play Services. However, the data transmission is largely opaque, being binary encoded with little public documentation.

The Register received confirmation by Google that the “paper’s representations [..] are accurate”. Additional details, including information about the test setup and code, are available in the research paper.

Android users may switch to different applications that may take over the tasks of the default applications. For instance, Simple Dialer: Phone Calls, as a replacement for the Google Dialer application, and Simple SMS Messenger. as a replacement for Google Messages.

Now You: which dialer and messaging apps do you use?

Summary

Android Messages and Dialer apps allegedly sent data to Google without consent

Article Name

Android Messages and Dialer apps allegedly sent data to Google without consent

Description

Google Messages and Dialer on Android send data to Google without user consent according to a research paper.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo

Advertisement



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

Popular

More like this
Related

December’s needs for our community, plus information about taxes and donations

Tax information: There have been posts on Twitter...

Delivery drivers have one of the most dangerous jobs

Some of the most essential jobs in the...

Medaro Mining Continues Progress in Quebec with the Completion of Work Program on its Darlin Lithium Property

VANCOUVER, British Columbia, Dec. 07, 2022 (GLOBE NEWSWIRE)...

How to watch A Spy Among Friends online: stream the new ITVX series from anywhere

Starring Guy Pearce as the infamous British double-agent...