Douglas Leith, a computer science professor at Trinity College Dublin in Ireland, has investigated just how much data Android devices send back, through the Google Messages and Google Dialer apps.
Security researchers often check how much data apps send back. Some apps send data even when users specifically opt out, but policies to control the type and quantity of information are much stricter for third-party apps. Google’s own apps don’t seem to follow the same rules.
Professor Leith took a closer look at Google Dialer and Google Messages, both of which send a lot of data back to the company. The problem is that data sharing can’t be stopped by the user who, in most cases, is not even aware of what’s happening in the background.
“The data sent by Google Messages includes a hash of the message text, allowing linking of sender
and receiver in a message exchange,” explains Leith. “The data sent by Google Dialer includes the call time and duration, again allowing linking of the two handsets engaged in a phone call.”
“Phone numbers are also sent to Google. In addition, the timing and duration of other user interactions with the apps are sent to Google. There is no opt out from this data collection,” he added in his paper.
Leigh explained that he made a Google Takeout request that allows him to receive all the data Google collects from him. Everything he collected during his research was not included in Google’s data.
The researcher also explained that, while individual data is sent anonymously, it’s easy to use the Android ID and other information to make correlations that reveal phone numbers. Leith reported all these findings to Google, and the company said it plans to make sweeping changes to data collection policies, but it didn’t say when.