More than 1 billion Android devices leak private chat and call data
The Google Dialer and Messages apps, which are installed by default on Android phones, collect all kinds of private data from users and send it to Google, according to researchers from Trinity College Dublin based on their own research. The apps are used for calling and sending and receiving SMS and other messages. According to Google, the Dialer and Messages apps are installed on more than billion devices. For example, the Messages apps notify Google when a message has been sent or received. It’s about the time and a hash of the message body. This allows Google to see which phones are communicating with each other and at what time. Messages also sends the sender’s phone number to Google. The Dialer app notifies Google when a phone call has been made or received. This is the time and the duration of the call. This way Google knows who is calling each other, at what time and for how long. Furthermore, both apps let Google know how the user uses them. This concerns, for example, viewing the app screen, an SMS conversation or searching the contacts. This gives Google a comprehensive picture of app usage, the researchers said. The data sent to Google includes the phone’s Android ID, which is linked to the user’s Google account. It is not possible for users to unsubscribe from this data collection, the researchers say. “I was surprised that these Google apps collect so much obviously sensitive data. It’s not clear what the data is being used for, and the lack of an opt-out is very worrying,” said Trinity College computer systems professor Doug Leith. “Hopefully our research serves as a wake-up call for the public, politicians and regulators. It’s high time we took action so that people know what data is leaving their phone, what it’s used for and most importantly, the ability to represent themselves. to opt out of this data collection.” As a result of the investigation, Google has informed the researchers that changes are being made to the apps to better inform users and to stop collecting certain information. It has not been announced when the adjustments will be made.