2 min read

Some Android Devices Send a Lot of Data Back Despite Enabled Privacy Settings, Researchers Show

Silviu STAHIE

October 13, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Some Android Devices Send a Lot of Data Back Despite Enabled Privacy Settings, Researchers Show

Researchers from the University of Edinburgh in the UK and Trinity College Dublin in Ireland analyzed the traffic sent in the background by Android devices from Samsung, Xiaomi, Huawei, Oppo, LineageOS and /e/OS. Even with the OS set up to send as little data as possible back, they found, native and third-party apps continue to send data that seems to go beyond regular communication with the servers.

While Samsung, Xiaomi, Huawei and Oppo are well-known phone manufacturers, LineageOS and /e/OS don’t actually make devices. They are open-source Android variants, with LineageOS gathering a total of 30 million users. /e/OS is even less known, but it’s an OS focused on privacy.

It’s no secret that manufacturers and developers pull data from devices, and it’s even expected in some situations. Smartphones have to communicate with servers, but the scope of that communication is not always clear. Furthermore, determining whether companies share the data they collect is a murky endeavor as well.

University researchers used various methods to track the traffic, including rooted devices, reverse engineering and controlled Wi-Fi networks. They found that not only the default OS apps send a lot of data back -- third-party apps do so as well.

“We find that the Samsung, Xiaomi, Huawei and Realme Android variants all transmit a substantial volume of data to the OS developer (i.e. Samsung etc) and to third-party parties that have pre-installed system apps (including Google, Microsoft, Heytap, LinkedIn, Facebook),” saidthe researchers in their study.

“LineageOS sends similar volumes of data to Google as these proprietary Android variants, but we do not observe the LineageOS developers themselves collecting data nor pre-installed system apps other than those of Google. Notably, /e/OS sends no information to Google or other third parties and sends essentially no information to the /e/OS developers.”

The research also shows that user-resettable identifiers, such as advertising IDs, can be easily relinked, even if the user resets the device. Researchers also say that cross-linking of data collected by these different parties is possible, which could allow the creation of shadow profiles. Finally, some devices and OSs record user interactivity with the smartphone and apps, sending detailed statistics back to the owners. Moreover, all of this data is exchanged even when privacy settings are enabled.

Both Google and Huawei responded to the paper, and the researchers included the manufacturers’ information.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Dutch Police Send Warning Letter to Customers of DDoS-for-Hire Website Dutch Police Send Warning Letter to Customers of DDoS-for-Hire Website
Silviu STAHIE

October 15, 2021

1 min read
Australia Proposes Bold Plan to Fight Ransomware Attackers Australia Proposes Bold Plan to Fight Ransomware Attackers
Silviu STAHIE

October 14, 2021

1 min read
Anonymous Domain Name Registration Could Disappear in the European Union Anonymous Domain Name Registration Could Disappear in the European Union
Silviu STAHIE

October 14, 2021

1 min read