Android smartphone companies claim their “Custom Skin” on top of the base Android operating system helps them differentiate. However, the majority of these companies collect user data through their own apps and services, even if users never use them.
Android Operating System rarely arrives in its unaltered form. As such, Samsung, Xiaomi, Realme, and Huawei, and even some Custom ROMs for Android devices, allow user data collection. Simply put, an Android smartphone is a data mining device, even if users attempt to take precautionary measures.
Android smartphone manufacturers and even Custom ROM creators allow data collection and transmission?
Google has developed Android as a versatile, capable, and powerful operating system for smartphones. Android devices are way more popular than Apple iPhone, which runs iOS operating system.
Any smartphone manufacturer that needs Android also relies on Google Mobile Services or GMS as well as Google Play Services. Collectively, these help apps perform their functions.
Data collection by Android phones should give public a ‘wake-up call’ https://t.co/1yM5bJa5Za
— Why I Don't Use Android (@WhyNotAndroid) October 12, 2021
The majority of Android device makers slap a Custom Android Skin on top of the base Android OS. Samsung calls it OneUI, Realme has Realme UI, OnePlus has (or had) Oxygen OS, Huawei has HarmonyOS, and so on. In addition to the custom skin, several manufacturers ship their devices with preinstalled apps and services.
Not only the custom skin but also the preinstalled apps, collect and transmit user data back to the developers. “Vendor-customized Android variants transmit substantial amounts of information to the OS developer,” claim researchers who conducted the study.
Built-in vendor-customized system apps such as miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei) are just some of the user data collecting services, claims the study.
Additionally, preinstalled apps such as those of Google, Microsoft, LinkedIn, Facebook, etc., also collect user data. Concerningly, data collection and transmission occur even if the smartphone users are not using the apps.
More #privacy violations courtesy your #Mobile #phone. #dataprotection #dataprivacy #Android #Xiaomi #Samsung #Realme #Google #LinkedIn #Facebook #PrivacyMatters #cybermindful #udaytoncyber #CybersecurityAwarenessMonth https://t.co/ylqk3QhGlI
— Dave Salisbury (@DrDaveSalisbury) October 12, 2021
Essentially, sensitive user data like persistent identifiers, app usage details, and telemetry information allegedly goes to the device vendors and to various third parties. Interestingly, Google, the creator of Android, appears to be the biggest data collector.
Resetting Advertising ID to prevent tracking and protect user data does not help and Android smartphone users?
Google does allow Android device users to reset the advertising identifiers for their Google Account. In theory, this action should ensure advertisers shouldn’t have previous data, nor should they be able to link new data with the old one.
However, this is simply not the case, claims the study. Resetting Advertising ID is apparently futile on an Android smartphone. This is because the data-collection system can reportedly re-link the new ID back to the same device and append it to the original tracking history.
'Privacy concerns': Trinity study reveals 'massive' data collection by Android devices with no opt-out for users https://t.co/b7FiVI9QtJ
— Marc R Gagné MAPP 🍁 (@OttLegalRebels) October 12, 2021
Furthermore, data collection systems can even “de-anonymize” or recreate personally identifiable information by looking at the SIM, IMEI, location data history, IP address, network SSID, or any combination of these factors.
It is undoubtedly very concerning to see Google seems to have created Android with the primary intention of collecting data. It is even more worrying that users do not have a clearly demarcated and effective way to disable the unwanted functionality.
Nothing to add…
"The privacy focused /e/OS variant of Android was observed to transmit essentially no data"
— /e/ (@e_mydata) October 12, 2021
As the table above indicates, the creators of /e/OS, seem to shield Android smartphone users from data exfiltration. Needless to mention, the majority of Android smartphone users cannot install a Custom ROM on their device. This leaves them vulnerable to a seemingly endless stream of data flowing to companies.