Google and Apple track Mobile Telemetry Data without users’ consent

According to a researcher at Trinity College in Ireland, both Google’s Pixel and Apple’s iPhone are siphoning the mobile device data from the users without their consent. The researcher, Douglas Leigh, wrote “Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” in the recently published academic report.

Douglas, in the research, entitled, “Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google” also say that Google is collecting more data than Apple. Statistically, 20 times more data are collected from Android users as compared to the amount of the data that Apple collects from the iOS users.

According to the report, “The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc. are shared with Apple and Google”.

“Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing”, said the report.

 As a testing parameter, no any pre-installed apps were backed nor were any third party apps used. The research focused on collecting the data from the OS-level handset components and functions such as Apple’s Bluetooth Unique ChipID, Secure Element ID and the transmission of the devices’ Wi-Fi MAC addresses.

Leith said, “Google collects a notably larger volume of handset data than Apple. During the first 10 minutes of startup, the Pixel handset sends around 1MB of data to Google, compared with the iPhone sending around 42KB of data to Apple. When the handsets are sitting idle, the Pixel sends roughly 1MB of data to Google every 12 hours, compared with the iPhone sending 52KB to Apple — i.e., Google collects around 20 times more handset data than Apple.”

He observed that the OSs were connected to their back-end servers on every 4.5 minutes in spite they use it or not. As an informal basis, he examined a number of pre-installed apps and services to the phone manufacturers and noted that they also make network connections, despite never having been opened or used.

“In particular, on iOS these include Siri, Safari and iCloud; and on Google Android these include the YouTube app, Chrome, Google Docs, Safetyhub, Google Messaging, the Clock and the Google SearchBar,” he said.

 The researcher reached out both the companies for comment. Apple has not yet said anything to the three emails have been sent to the company’s director of user privacy. However, the company had the say on what the leith found that it offers both privacy and opt-out options. In other word, it stated publicly its disapproval.

Google, on the other hand, responded with several commands and clarifications. The tech gaint said their intent is to publish public documentation of the telemetry data that it collects.

“We identified flaws in the researcher’s methodology for measuring data volume and disagree with the paper’s claims that an Android device shares 20 times more data than an iPhone. According to our research, these findings are off by an order of magnitude, and we shared our methodology concerns with the researcher before publication.

This research largely outlines how smartphones work. Modern cars regularly send basic data about vehicle components, their safety status and service schedules to car manufacturers, and mobile phones work in very similar ways. This report details those communications, which help ensure that iOS or Android software is up to date, services are working as intended, and that the phone is secure and running efficiently.”

As per the Leith, the researcher, the privacy dangers due to a handset sharing the telemetry data are of twofold. One is that the Google and Apple can use these data to identify a user and track their purchases and second they could abuse the user’s trust and track their movements.

In his report, they outline numerous methods by which a user can avoid sharing such data. He said, while there is no workaround to prevent the iphone from sharing data with Apple, the pixels use can prevent the vast majority of the data by certain measures.

“With Pixel, a user can choose to start up the phone with the network connection disabled,” he explained. “Next, before the user enables the network connection they can disable Google-specific services such as Google Play, YouTube before enabling the network connection.”