Smartphone manufacturers custom skin, services, and preinstalled apps collect user data even if not used: Google’s Advertising ID restrictions circumvented too?

Android Devices Custom ROM Data Collection Google
Third-party preinstalled apps, custom Android skin, and services collect user data. Pic credit: Sam Azgor/Flickr

Android smartphone companies claim their “Custom Skin” on top of the base Android operating system helps them differentiate. However, the majority of these companies collect user data through their own apps and services, even if users never use them.

Android Operating System rarely arrives in its unaltered form. As such, Samsung, Xiaomi, Realme, and Huawei, and even some Custom ROMs for Android devices, allow user data collection. Simply put, an Android smartphone is a data mining device, even if users attempt to take precautionary measures.

Android smartphone manufacturers and even Custom ROM creators allow data collection and transmission?

Google has developed Android as a versatile, capable, and powerful operating system for smartphones. Android devices are way more popular than Apple iPhone, which runs iOS operating system.

Any smartphone manufacturer that needs Android also relies on Google Mobile Services or GMS as well as Google Play Services. Collectively, these help apps perform their functions.

The majority of Android device makers slap a Custom Android Skin on top of the base Android OS. Samsung calls it OneUI, Realme has Realme UI, OnePlus has (or had) Oxygen OS, Huawei has HarmonyOS, and so on. In addition to the custom skin, several manufacturers ship their devices with preinstalled apps and services.

Not only the custom skin but also the preinstalled apps, collect and transmit user data back to the developers. “Vendor-customized Android variants transmit substantial amounts of information to the OS developer,” claim researchers who conducted the study.

Google Android Device Manufacturers Custom ROM Data Collection Summary
Pic credit: Trinity College Dublin/BleepingComputer

Built-in vendor-customized system apps such as miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei) are just some of the user data collecting services, claims the study.

Additionally, preinstalled apps such as those of Google, Microsoft, LinkedIn, Facebook, etc., also collect user data. Concerningly, data collection and transmission occur even if the smartphone users are not using the apps.

Essentially, sensitive user data like persistent identifiers, app usage details, and telemetry information allegedly goes to the device vendors and to various third parties. Interestingly, Google, the creator of Android, appears to be the biggest data collector.

Resetting Advertising ID to prevent tracking and protect user data does not help and Android smartphone users?

Google does allow Android device users to reset the advertising identifiers for their Google Account. In theory, this action should ensure advertisers shouldn’t have previous data, nor should they be able to link new data with the old one.

However, this is simply not the case, claims the study. Resetting Advertising ID is apparently futile on an Android smartphone. This is because the data-collection system can reportedly re-link the new ID back to the same device and append it to the original tracking history.

Furthermore, data collection systems can even “de-anonymize” or recreate personally identifiable information by looking at the SIM, IMEI, location data history, IP address, network SSID, or any combination of these factors.

It is undoubtedly very concerning to see Google seems to have created Android with the primary intention of collecting data. It is even more worrying that users do not have a clearly demarcated and effective way to disable the unwanted functionality.

As the table above indicates, the creators of /e/OS, seem to shield Android smartphone users from data exfiltration. Needless to mention, the majority of Android smartphone users cannot install a Custom ROM on their device. This leaves them vulnerable to a seemingly endless stream of data flowing to companies.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x