Your Android phone isn’t nearly as secure as you think it is
A new study looks at how much data your Android device collects from you.
Your Android devices might not be anywhere near as secure as you think if this report from a group of university researchers in the UK is accurate. As reported by BleepingComputer, the team at Trinity College Dublin did a deep dive into the data collection of some of the most popular Android manufacturers and the picture they paint isn’t pretty.
They took devices from Samsung, Xiaomi, Realme, and Huawei, and also tested three Android variants, LineageOS, /e/OS, and stock Android. What’s notable here is that LineageOS and /e/OS are both aimed at “de-Googling” the Android operating system, but one is better than the other when it comes to not harvesting data.
The only version of Android that they tested that didn’t collect vast reams of data on the user was /e/OS, which seems to be the best choice of the lot if you’re worried about data collection.
“With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps.“ – Researchers at Trinity College Dublin
The rest of the devices all sent huge amounts of data to other third parties, like Microsoft, Avast, or Facebook. Yes, even if you don’t install any of their apps, some smartphones pass your data to them, probably through existing partnerships with that Android manufacturer that you agree to when you tap Okay on the terms and conditions that nobody ever reads fully.
The worst part? There doesn’t seem to be any way to opt-out or turn off the firehose of data that’s leaving your device. Everything from device IDs to persistent advertising identifiers gets passed on to the device manufacturers and anyone else who’s paying for the data.
Google did reach out to BleepingComputer with a statement, which pointed to this help center article, explaining that this data collection is “how modern smartphones work.”
Basically, that data is needed for core device services, and we shouldn’t expect otherwise. I’m sure some of that is true, but I’m not so sure about the third-party data collection that’s going on when you’re using a “clean” Android install with no third-party apps.
- Google now lets you ‘follow’ sites using the mobile Chrome browser, kind of like Google Reader
- Oops, someone leaked pretty much everything about the Pixel 6
- The ongoing chip shortage is finally affecting iPhone 13 Pro production
- Microsoft says Russia is mostly to blame for state-sponsored hacking attempts