Google quietly collected call and text information on Android without users being able to prevent it. According to a study by Trinity College Dublin, applications Messages and Phone collect and send data to Google without users’ consentwhich is a clear violation of your privacy.
In the study titled What data do Dialer and Messages apps on Android send to Google?author, Douglas J. Leith, details how the technology captures message and call data in its mobile operating system.
In the case of Messages, when the user sends or receives an SMS, the application records information such as the date and time when the event occurred, the sender’s phone number and a hashes truncated which serves as an identifier for the SMS.
Data is sent via Clearcut from Google Play Services and Firebase from Analytics. The information is tagged with the Android ID, an important detail since the ID is associated with a Google account.
In a nutshell, Mountain View they would have a detailed list of when and with whom you messaged. With calls, it’s not much different, since Google Phone records the time and duration of the conversation.
If caller ID is enabled, the app capture and send phone number of those who are not in your contact list.
Google would violate European data protection law
Since the collection and sending of data to Google is not stipulated in the privacy policies of the applications, the company would violate European data protection law.
The researchers claim that information lacks anonymity because it involves the Android ID. The Messages application associates the ID with the serial number of the SIM card once it is inserted into the mobile. The identifier is also associated with the serial number of the device, the IMEI and the Google user account.
A half solution
After receiving the results of the study, Google promised to disable harvesting phone number, SIM ID and SMS hash. This will also eliminate the call log in Analytics and a button will be implemented to disable the sending of data not essential to the operation of the application.
Although the company applauded the academics’ work and accepted their suggestions, there is a risk that data collection will continue. In an interview with The registerDouglas Leith mentioned that he had doubts about what data Google considers essential.
A few months ago, the Mountain View company was accused by Brave of violating the GDPR. the “extremely ambiguous and non-specific” policies make it impossible to identify violations of the principles of data protection law.
According to Brave, Google must fully and specifically disclose the purposes of data collection in all of its apps and services, as well as the legal basis for each.