“And remember… don’t be evil, and if you see something that you think isn’t right — speak up!” — Google Code of Conduct before April, 2018 Researchers Find Android Tracks Users And Share Data to OS's Developers TL;DR: The new research analyzed preinstalled apps in and the data sent to these companies and third parties. Samsung, Realme, Xiaomi, and Huawei phones The research found that data is constantly sent even if the apps are unused or never used. Users cannot delete these preinstalled apps, and the only way to remove them is by rooting your phone. When I heard that Google removed the famous "Don't be evil" from their code of conduct, I was disappointed. But, even worse, researchers recently proved that the phrase is not just a slogan but crucial for protecting our privacy, considering that Google is everywhere for everyone now. In May, By Q2 of 2022, developers will be required to disclose: Google announced that it would follow industry standards concerning privacy obligations. the type of data collected; the type of data stored; the way of such data is used. These requirements complement other elements, such as new security practices, enforcement of data deletion upon uninstallation of the app, etc. That's excellent news, and android users, at least those who install apps via the Google Play store, are less likely exposed to malicious apps. New Problems Found If you use an Android phone and are concerned about privacy, you should probably read my " " and take care of the unnecessary digital footprints. Even better, you may want to keep your digital self clean and tidy, so you follow my steps in " Keep Trackers and Advertisers at Bay with these Browser Privacy Tips The KonMari Method for Your Digital Footprint ." The bad news is that none of the measures above are enough to make you "tracker-free." Yeah, I know, it is very frustrating. But, sadly, according to a recent from Trinity College in Dublin, " ": research paper Android Mobile OS Snooping By Samsung, Xiaomi, Huawei and Realme Handsets …even when minimally configured and the handset is idle these vendorcustomized Android variants transmit substantial amounts of information to the OS developer and also to third-parties (Google, Microsoft, LinkedIn, Facebook etc) that have pre-installed system app. The Ultimate Vigilance — so-called "Systems Apps." Hardware manufacturers preinstalled apps on devices to offer more "customizations" and "features," such as replacing the stock camera app with the branded one or messages app. Unfortunately, Android usually packages these apps into what's called "read-only memory" (ROM), which means you can't delete or modify these apps directly. Everything inside the ROM is "untouchable" by normal users since they can only work with the devices outside the system files. However, to change the system structure, you need higher permission, i.e., root. Thus, if "system apps" track users, you can only stop them by rooting the device. And until you do, the researchers found they were continually transmitting device data back to — even if you never opened the app at all. According to the report, the built-in apps on the Samsung, Xiaomi, Huawei, and Realme phones sent many data to the OS developers. But not everyone would agree they also send data to third parties, including Google, with the Google Mobile Services and Google Play Store apps being the most comprehensive data sources. their parent company and more than a few third parties Moreover, Facebook, Microsoft (in the SwiftKey keyboard or OneDrive cloud storage), and LinkedIn are other data destinations, depending on which preinstalled "system apps" were present on the device. What About Custom ROM? Advanced users may think Android provides a platform for them to customize their operating system. But that doesn't necessarily mean the problem doesn't exist. LineageOS — is one of the popular alternative ROM. One thing we need to understand is that Google Apps are not preinstalled on LineageOS But if you choose to install it, like what the researchers did in the study, LineageOS . didn't collect data but still sent data to Google via its system apps. a free and open-source Android-based mobile operating system, , showing that it could make Android work without significant data harvesting. However, be reminded that/e/ is a heavy rework of the stock android ROM, which means the user experience may not be the same as other devices.Google's Reply: It's Normal /e/ — sent minimal data back to its developers A Google spokesperson has provided the following comment on the findings of the study: BleepingComputer While we appreciate the work of the researchers, we disagree that this behavior is unexpected — this is how modern smartphones work. As explained in our Google Play Services Help Center article , this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device’s IMEI, is necessary to deliver critical updates reliably across Android devices and apps. Unfortunately, as an android user, you can't do much if you are annoyed by this. As mentioned before, there's no way to opt-out of the system-app data acquisition. Even though you can reset any identifiable data, they can easily be "re-identified" by , such as the phone's IMEI number. cross-referencing them with IDs you can't reset Final Words Findings in the report are concerning. Luckily we still have things we can do like Installing a custom OS like /e/. But getting it to work needs more effort than the ordinary. Alternatively, you could always switch to an iPhone, but while Apple highlights the importance of user privacy, it's still impossible to escape all tracking with iOS. Meanwhile, as I mentioned in my last article, iPhone apps were just as snoopy as Android apps, with 60% of iOS apps sharing data with Google. So, to conclude, as Google told us that it is normal to have our data collected without a way out, we need to, ultimately, choose between privacy and convenience again. Thank you for reading. May InfoSec is with you🖖.

Apple

Facebook

Google

Huawei

Microsoft

Samsung

The Biggest Problems with WhatsApp's Privacy Practices

Developing Cyber Resilience: How To Think Like a Forensic Investigator

2021 - HackerNoon Contributor of the Year - CULTURE

Support Me on Coil

2021 - HackerNoon Contributor of the Year - PERSONAL-DATA

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Privacy

Nominated for 2022 - HackerNoon Contributor of the Year - Beginners Guide

Nominated for 2022 - HackerNoon Contributor of the Year - Containers

Nominated for 2022 - HackerNoon Contributor of the Year - Data Privacy

Too Long; Didn't Read

"Don't Be Evil," They Said: Android Is Tracking Us With No Way to Opt-Out

"Don't Be Evil," They Said: Android Is Tracking Us With No Way to Opt-Out

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Java bits: 0xFF and 0xFFL

10 Things You Didn't Know You Could Do With Google Keep

10 Things to check on Android code reviews

10 Mistakes In Mobile App Development That Make You Look Dumb

10 good rules for bad App

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Java bits: 0xFF and 0xFFL

10 Things You Didn't Know You Could Do With Google Keep

10 Things to check on Android code reviews

10 Mistakes In Mobile App Development That Make You Look Dumb

10 good rules for bad App

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps