What percentage of the time do you put your trust in your smartphone?
If you’re like most people, you keep your phone in your pocket at all times. You may have even gotten attached to your device, which you entrust with all of your most personal information and images. According to a recent study, however, Android cellphones are far from trustworthy.
The research, which was carried out by teams from the University of Edinburgh in Scotland and Trinity College Dublin in Ireland, discovered a slew of privacy concerns around large firms’ use of Android-powered handsets.
Professor Doug Leith of Trinity College Dublin, along with Dr Paul Patras and Haoyu Liu of the University of Edinburgh, looked at data transmitted by Samsung, Xiaomi, Huawei, Realme, LineageOS, and e/OS variations of the Android operating system.
“Even when lightly configured and the handset is idle, these vendor-customised Android versions broadcast considerable amounts of information to the OS developer as well as to third companies (Google, Microsoft, LinkedIn, Facebook, and others) that have pre-installed system apps,” they discovered.
What information does your phone have about you?
Researchers found persistent identification systems on smartphones, application usage histories, and telemetry data among the data they collected. The report points out that, with the exception of e/OS, all of the handset manufacturers evaluated collect a list of all the apps loaded on a handset.
This is potentially sensitive data because it reveals user preferences, such as the most recent dating app used, and so on. According to the study’s authors, there is no way to opt out of this data collection. “I believe we have entirely ignored the vast and continual data collecting by our phones,” said Leith, who is also the Chair of Computer Systems at Trinity’s School of Computer Science and Statistics.
The professor hopes that this research will serve as a “wake-up call” to the general public, legislators, and regulatory agencies. He went on to say, “Meaningful action is urgently needed to give individuals actual control over the data that leaves their phones.”
Xiaomi, Samsung, and Huawei are expected to take the lead in the data-sharing competition.
According to the study, the Xiaomi phone sends information to Xiaomi on “all of the app screens viewed by a user, including when and how long each app is utilized.” The analysis finds that the timing and duration of phone calls constitute a substantial component of the disclosed data.
The Swiftkey keyboard on the Huawei phone sends Microsoft information on app usage over time. According to Dr Paul Patras, associate professor at the School of Informatics at the University of Edinburgh, “the effect is similar to the use of cookies to follow people’s behavior as they travel between online pages.”
Samsung, Xiaomi, Realme, and Google, on the other hand, gather “long-lived device identifiers,” such as the hardware serial number, as well as “user-resettable advertising identifiers.” The hardware serial number is a unique number used for identification and inventory purposes that is often found on the bottom or back of the item. It is specific to the user and is frequently requested when reporting a phone theft to the authorities.
The objective of the user’s advertising ID is to allow advertisers to follow user ad activity in a pseudo-anonymous manner. The device or operating environment assigns it, and it is stored on the device itself.
Because Android systems can save this information, the report claims that “when a user resets an advertising identifier, the new identifier value can be trivially re-linked back to the same device, thereby weakening the use of user-resettable advertising IDs.”
What can be done to put an end to these “under the hood” practices?
According to the study, the e/OS variant designed by Frenchman Gael Duval and derived from LineageOS is the only option to avoid falling prey to this large-scale data collecting.
This Android version is built on a module that allows users to use Google services without revealing personal information. Google, as well as any other third-party applications or services, are unable to access personal information.
Apart from this exception, the researchers believe that providing personal data has become necessary in order to take advantage of the benefits of cellphones and associated services. “Despite the adoption of personal data protection regulations in various countries in recent years, including EU member states, Canada, and South Korea,” Patras added, “user-data harvesting techniques remain ubiquitous.”
“Worse, such practices occur “under the hood” on cellphones without the knowledge of users and without an easily available way to disable such capability. However, privacy-conscious Android variations are gaining acceptance, and our findings should encourage industry leaders to follow suit “.