Google will make changes to apps after TCD study reveals privacy concerns

google is to make changes to the Dialer and Messages apps on Android phones after raising privacy concerns about the implications of the data collected.

A study conducted by Professor Doug Leith at the Connect SFI Research Center for Networks of the Future in Trinity College Dublin Details of the comprehensive data collected through the use of these applications.

Applications, which are used to make and receive calls or to send and receive SMS and other messages, are pre-installed on many Android phones.

According to Google, more than a billion phones have both. In the US, AT&T and T-Mobile recently announced that all Android phones on their networks will use the Google Messages app, and the app is also preloaded on Samsung, Xiaomi, and Huawei phones.

The TCD study proves that the Messages app notifies Google when a message has been sent or received.

The information sent includes the time and an identification code generated from the message body that uniquely identifies the message. This allows Google to see if two phones are connected and when.

The Google Messages app passes the sender’s phone number to Google, so by merging the data from the connected phones, the phone numbers of both are exposed.

The dialer app notifies Google every time a phone call is made/received. The information sent includes the time and duration of the call. This lets Google know if two phones are communicating with each other, and when and for how long.

Each app also notifies Google of a user’s interactions with it, for example every time a user views the app’s screen, text messages conversation, or searches for their contacts. This allows Google to rebuild a detailed picture of app usage over time.

No withdrawal

Data sent to Google is tagged with the phone’s Android ID. This is associated with the phone’s Google user account, and is often associated with personal details such as the email, phone number, or credit card details of the person involved in a phone call or SMS. There is no opt-out from this data collection.

Previous studies by the group have pointed to the large amount of data Google Play services sends to Google’s servers (up to 20 times the data that iPhones send to Apple), and the “opaque nature” of this data collection process.

This latest study is one of the first to shed light on the content of data sent by Google Play services.

“I was surprised to see such sensitive data being collected by these Google apps,” said Professor Leith. “It is not at all clear what the data is being used for, and the lack of opt-out is very concerning.

“This work was initiated by our study of the privacy of Covid contact tracing apps. While we found that these apps generally respect privacy, our measurements have highlighted the massive amount of data sent to Google through Google Play Services on Android phones.

We hope that our work will serve as a wake-up call to the public, politicians, and data regulators. It’s really time that we start taking meaningful steps to give people complete information about the data that leaves their phones, details of how it’s used, and most importantly, the ability to opt out of data collection. »

Google told the Trinity research team that in light of the report’s findings, it plans to make changes to its Messages and Dialer apps.