Researchers of the Trinity College of Dublin are of the opinion that android mobile manufacturing companies like Samsung, Huawei, Xiaomi, etc., do not have effective privacy policies. It has been seen that even after deleting all dubious applications and availing the privacy guides, users’ information is not safe.
They have reported that these applications continuously send in device data to the OS developers and a few other third parties whenever left idle. And all the more they are not stoppable by the users.
The major fingers get pointed at the pre-installed apps like messaging or storage apps that come with the majority of mobile phones. Android keeps these apps under the device’s read-only memory, commonly known as ROM.
With this, the users cannot uninstall or delete these apps. Only if the user opts for rooting the device, they might do away with these apps. However, these apps keep on sending data to the parent company or third parties even if the user has never opened the app.
How does the entire process work?
The entire process works as follows. Suppose a user is using a mobile with OEM apps pre-installed by Microsoft. The user might have never used those apps, yet the apps go on sending user or device information to Microsoft Servers. Now, these data are known as ‘telemetry data,’ comprised of details about the apps one has installed, like the device’s unique identifier. These data get on shared with third parties, which is none but Google since Google analytics is the most widespread among all the other analytics tools.
And in the case of those apps that users might seldom use, through them, more information gets transported to the other side. Details like timestamps during the usage of the app get over to Google. Almost all brands of mobiles have been caught with these, beginning from Samsung Pass, Samsung’s Game Launcher and its virtual assistant, Bixby to Google messaging app, Microsoft SwiftKey, and many more.
The type of particulars getting disclosed
But the important question arises as to what type of information gets leaked. Well, mainly details of the log or device’s hardware like the model or screen size or serial number or mobile ad identifier or ‘AdID,’ etc. Individually these details might not be dangerous, but together they form a ‘fingerprint’ that can help track down the user.
The advertising ID of Android is said to be ‘resettable,’ but with permanent identifiers getting fed, these leaks of information cannot be technically stopped. And researchers have found out this from mobiles of companies like Realme, Samsung, Xiaomi, Huawei, etc. Well, only Google has a respite from this. According to Google’s developer rules, the AdID of a device cannot be connected to any permanent information for any ad-related purpose except with the user’s proper consent.
Google’s elucidation
Google has come up with a very detailed explanation of the above process in its dev policies.
It reads, “If reset, a new advertising identifier must not be connected to a previous advertising identifier or data derived from a previous advertising identifier without the explicit consent of the user, you must abide by a user’s ‘Opt out of Interest-based Advertising’ or ‘Opt out of Ads Personalization’ setting. If a user has enabled this setting, you may not use the advertising identifier for creating user profiles for advertising purposes or for targeting users with personalized advertising.”
However, it might be noted that Google does not detail how and where that information might be used.
Conclusion
One of the most obvious ways to solve this issue is by taking the help of lawmakers. For many who are not aware, there are laws dealing with the manner with which tech companies’ handle sensitive information, like GDPR in the EU or CCPA in the U.S, etc. This anonymous data basically includes details like name, address, AdID, etc.