The authors of the study said that the data collection they observed went well beyond occasional communication with Android OS servers.
There is a significant amount of data collection and sharing from Android handsets, new research has found.
According to a study carried out by academics from Trinity College Dublin (TCD) and the University of Edinburgh, several Android phones are collecting data with no opt-out clause. The data is being shared between third parties in some cases.
Prof Doug Leith of TCD and Dr Paul Patras and Haoyu Liu from the University of Edinburgh examined the data sent by six variants of the Android OS developed by Samsung, Xiaomi, Huawei, Realme, LineageOS and /e/OS.
They found that, even when minimally configured and the handset is idle, five out of the six vendor-customised Android variants transmitted substantial amounts of information to the OS developer, as well as to third parties such as Google, Microsoft, LinkedIn and Facebook that have pre-installed system apps. The notable exception was /e/OS, which sent no information to third parties and virtually no information to its developers.
While occasional communication with OS servers is to be expected, the authors of the study said that the observed data transmission goes well beyond this and raises a number of privacy concerns.
Leith said he hoped his team’s research would serve as a “wake-up call” to the public, politicians and regulators.
“I think we have completely missed the massive and ongoing data collection by our phones, for which there is no opt out. We’ve been too focused on web cookies and on badly behaved apps. Meaningful action is urgently needed to give people real control over the data that leaves their phones,” he added.
Leith is TCD’s chair of computer systems and he also works at Science Foundation Ireland’s Connect research centre. He has done several studies focusing on privacy and data collection. A recent study from March found that Android and iPhone handsets shared data with Google and Apple every four and a half minutes on average.
He also was part of a research team that flagged concerns about Covid-19 contact-tracing apps when they were proposed to tackle the spread of the virus in 2020.
According to Patras, user data collection practices “remain widespread”, despite the protection laws that have been recently introduced to protect personal information in several countries including many EU member states, Canada and South Korea.
“More worryingly, such practices take place ‘under the hood’ on smartphones without users’ knowledge and without an accessible means to disable such functionality,” Patras warned.
“Privacy-conscious Android variants are gaining traction though and our findings should incentivise market-leading vendors to follow suit.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.