https://therecord.media/google-collects-20-times-more-telemetry-from-android-devices-than-apple-from-ios/

* * 
logo

  * Leadership
  * Cybercrime
  * Nation-state
  * Government
  * People
  * Technology
  * About
  * Contact
  * Subscribe 

[                    ]
 
 
Featured Privacy Technology

Google collects 20 times more telemetry from Android devices than
Apple from iOS

  * By Catalin Cimpanu
  * . March 30, 2021

Academic research published last week looked at the telemetry traffic
sent by modern iOS and Android devices back to Apple and Google
servers and found that Google collects around 20 times more telemetry
data from Android devices than Apple from iOS.

The research, conducted by Professor Douglas J. Leith from Trinity
College at the University of Dublin, analyzed traffic originating
from iOS and Android devices heading to Apple and Google servers at
various stages of a phone's operation, such as data shared:

 1. on first startup following a factory reset;
 2. when a SIM is inserted/removed;
 3. when a handset lies idle;
 4. when the settings screen is viewed;
 5. when location is enabled/disabled;
 6. when the user logs in to the pre-installed app store.

Prof. Leith said the research took into account that data could be
collected by the operating system itself and by default apps provided
by the OS makers --such as search (Siri, OkGoogle), cloud storage
(iCloud, Google Drive), maps/location services (Apple Maps, Google
Maps), photo storage/analytics (ApplePhoto, Google Photos)-- and kept
the two sources separate, focusing only on the operating systems'
telemetry, left in their default states.

The study unearthed some uncomfortable results. For starters, Prof.
Leith said that "both iOS and Google Android transmit telemetry,
despite the user explicitly opting out of this [option]."

Furthermore, "this data is sent even when a user is not logged in
(indeed even if they have never logged in)," the researcher said.

The table below summarizes the main data points that test handsets
sent to Apple and Google servers.

Telemtry on iOS and Android

But while the Irish researcher found that Apple tends to collect more
information data types from an iOS device, it was Google that
collected "a notably larger volume of handset data."

"During the first 10 minutes of startup the Pixel handset sends
around 1MB of data is sent to Google compared with the iPhone sending
around 42KB of data to Apple," Prof. Leith said.

"When the handsets are sitting idle the Pixel sends roughly 1MB of
data to Google every 12 hours compared with the iPhone sending 52KB
to Apple i.e., Google collects around 20 times more handset data than
Apple."

iOS and Android share data on average every 4.5 minutes

This data collection process takes place every 264 seconds on idle
Apple devices and once 255 seconds on Android smartphones -- which
roughly equates to almost every four and a half minutes even when the
handset is not being used.

But in addition to the idle state, the Irish researcher said that
both operating systems also share data with their central servers
when users are browsing their settings screens.

Furthermore, when a new SIM card is inserted into both iOS and
Android devices, SIM details are shared with both Apple and Google
almost immediately.

But Prof. Leith said that he also observed a number of pre-installed
apps and services also making connections to both Apple and Google
servers even before the apps were opened or used.

"In particular, on iOS these include Siri, Safari and iCloud and on
Google Android these include the Youtube app, Chrome, Google Docs,
Safety hub, Google Messaging, the Clock, and the Google Search bar,"
Prof. Leith said.

The University of Dublin professor says that this expansive data
collection raises at least two major concerns. First, that the
telemetry can be used to link physical devices to personal details,
data that both companies are most likely exploiting for advertising
purposes.

Second, that the telemetry collection process allows the OS makers to
track users' location based on the IP address that connects and
uploads device telemetry to their servers.

The researcher said that currently, there are very few, if any,
realistic options for users to prevent telemetry collection from
their devices.

Google disputes paper numbers

The Irish professor said he contacted both companies with his
findings. Apple did not respond, while Google sent clarifications,
which he incorporated into the paper. Google also told Prof. Leith
that they intended to publish public documentation on the telemetry
data they collect, but did not provide a date or deadline.

But in an email response on Monday, a Google spokesperson played down
the paper's findings, and claimed the researcher found legitimate
telemetry data that helps keep devices running smoothly.

    This research outlines how smartphones work. Modern cars
    regularly send basic data about vehicle components, their safety
    status and service schedules to car manufacturers, and mobile
    phones work in very similar ways. This report details those
    communications, which help ensure that iOS or Android software is
    up to date, services are working as intended, and that the phone
    is secure and running efficiently.

    Google spokesperson

In addition, according to a Google source familiar with the research
paper's review, the Android maker also disputed the paper's
methodology, which they claim under-counted iOS' telemetry volume by
excluding certain types of traffic, which Google believes resulted in
skewed results that found Android devices collecting 20 times more
data than iOS.

In a response after this article's publication, Apple echoed its
rival's response.

"The report conflates a number of items in relation to different
services and misunderstands how personal location data is protected,"
an Apple spokesperson told The Record. "Apple is not collecting data
that can be associated with individuals without a user's knowledge or
consent."

---------------------------------------------------------------------

Additional details are available in a research paper titled "Mobile
Handset Privacy: Measuring The Data iOSand Android Send to Apple And
Google," available as a downloadable PDF document.

Last year, in March 2020, the same professor also published a study
analyzing the telemetry collected by web browsers. The study [PDF]
found that Brave collected the smallest amount of data, while
Microsoft's Edge and the Yandex Browser were at the opposite side of
the spectrum.

Article updated on March 30: 16:25 ET with a response from Apple.

Tags:Android, Apple, Google, iOS, privacy, smartphone, telemetry
---------------------------------------------------------------------
[5fcff613fdfb0]

Catalin Cimpanu

administrator

Catalin Cimpanu is a cybersecurity reporter for The Record. He
previously worked at ZDNet and Bleeping Computer, where he became a
well-known name in the industry for his constant scoops on new
vulnerabilities, cyberattacks, and law enforcement actions against
hackers.

  *  

  
Previous Post

London's biggest school trust hit by ransomware

Next Post

IETF officially deprecates TLS 1.0 and TLS 1.1

Freelance writer
footer logo

  *  
  *  
  *  

Copyright (c) 2021 The Record. by Recorded Future

*