It turns out that Samsung and Xiaomi smartphones are sending a large amount of user data to manufacturers and other companies



While Android, the mobile operating system developed by Google, boasts a market share that exceeds Apple's iOS, it has been pointed out that it collects up to 20 times more user data than iOS. A new study investigating custom Android operating systems developed by Samsung, Xiaomi, Huawei and others found that many custom Androids send important data to manufacturers and third-party companies.

Android_privacy_report.pdf
(PDF file) https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf

Android phones engage in'significant' data collection and sharing
https://www.irishtimes.com/business/technology/android-phones-engage-in-significant-data-collection-and-sharing-1.4697056

Study reveals scale of data-sharing from Android mobile phones
https://techxplore.com/news/2021-10-reveals-scale-data-sharing-android-mobile.html

Unlike iOS, which Apple only installs on its own devices, Android is based on open source software, allowing manufacturers of mobile devices to create their own customized Android variants. Therefore, even for the same Android smartphone, the UI and details may differ slightly depending on the manufacturer.

Haoyu Liu, a doctoral student at the University of Edinburgh, and Douglas Leith, a professor of computer science at Trinity College, have teamed up with Android variants and LineageOS developed by smartphone makers such as Samsung, Xiaomi, Huawei, and Realme. We investigated the data sent from the device to the outside for a total of 6 types of Android-based OS, and / e / OS.

As a result of the investigation, it was found that all Android variants except / e / OS transmit 'a considerable amount' of data even when the terminal is in the standby state with the minimum configuration. Not only the makers of OS servers and Android variants are sending data, but also third-party companies such as Google, Microsoft, LinkedIn, and Facebook, raising privacy concerns, the research team said. I am.



The main findings reported by the research team are as follows.

◆ List of installed apps
The Android variant, excluding / e / OS, collects a list of all apps installed on the device. This includes mental health apps, apps used by Muslims for worship, gay dating apps, news distribution apps for supporters of specific political parties, and other privacy-related apps. In addition, the Android variant we investigated does not have a setting to turn off this data collection.

◆ App usage time
The research team points out that Xiaomi smartphones send details of the application screen displayed by the user, such as when and how long each application was used, to Xiaomi. It is said that this data is sent to Singapore's server from regions other than Europe.

◆ Keyboard app input information
For Huawei smartphones, it seems that the usage status of

SwiftKey , a virtual keyboard application developed by Microsoft for mobile, is sent to Microsoft. With this, it is possible to know when the user wrote text, used the search bar, searched for contacts, the number of input characters, etc.

◆ Device-specific ID
Samsung, Xiaomi, Realme, and Google smartphones collect long-term traceable device IDs such as hardware serial numbers as well as user-resetable advertising IDs. The research team points out that even if a user resets an ad ID, the device can easily be linked to the previous ad ID if there is a device-specific ID, which can make the reset meaningless.

◆ Third-party system app
Since system apps of third-party companies such as Google, Microsoft, LinkedIn, and Facebook are pre-installed on most smartphones, information may be collected without the user's knowledge.

◆ Android variant that does not send data
Among the Android variants investigated this time, research that / e / OS, which was developed for the purpose of 'removing Google dependence from Android and improving privacy', did not send data related to user privacy to the outside. The team says.



'We're over-focusing on web cookies and malicious apps,' Leith said, saying that the opt-out-less data collection issue of the operating system on smartphones has been overlooked. Claim. He hopes that the results of this study will affect citizens, politicians and regulators, and that efforts will be made to allow users to control smartphone data.

in Mobile,   Software,   Security, Posted by log1h_ik