Some versions of Android share users’ personal data with no chance to opt-out
A Study by researchers shows how Android phones can disseminate personal data
The researchers intercepted and analyzed the data that was sent by the Android OS including the pre-installed system apps that we previously mentioned. The study assumes a situation where the device owner doesn’t enable his phone to share data but uses the default settings for everything else. The research team printed a chart that shows the data collected by each of the Android OS variants.
All of the companies whose Android OS variants were tracked shared information that can help identify a particular mobile device such as a handset’s unique IMEI number. This data is transmitted along with data that the user can reset such as advertising IDs. But since the data is sent as a pair, resetting the advertising ID won’t help the user since his device will always link to its IMEI identifier.
The report also notes how system apps can track certain information related to app usage such as the name of apps that are being used, when they are being used, what app screens are viewed, when and for how long. As an example, the default system keyboard used on the Huawei handset is Microsoft’s Swiftkey (as we already duly noted). Information such as when the keyboard is used within an app and app usage is sent to Microsoft’s servers.
Some of the Android OS variants also collect a list of installed apps on a phone. While not as invasive as tracking app usage, the data is gold for advertisers who can determine a person’s interests from the kind of apps he or she installs on a device. If they see multiple sports apps, apps for stock quotes, apps for Broadway, or apps for cooking, a profile can be created that will help advertisers decide which products should be pitched to a particular user.
Location data can be used to de-anonymize users
Some of the variant Android operating systems (looking at you Samsung and Xiaomi) and third-party system apps by Google and Microsoft log user interactions. Some of this logging of data is needed by developers to catch issues with their apps early. Still, the collection of this data can become intrusive and a major security issue.