Google has quietly collected call and text information on Android without users being able to prevent it. In accordance with A study from Trinity College Dublin, the applications Messages and Phone collect and send data to Google without users’ consentwhich represents a clear violation of your privacy.
In the study titled What data do the Dialer and Messages apps on Android send to Google?the author, Douglas J. Leith, details how the technology captures the data of messages and calls in its mobile operating system.
In the case of Messages, when the user sends or receives an SMS, the app records information such as the date and time the event occurred, the sender’s phone number and a hashes truncated that serves as an identifier for the SMS.
The data is sent through the services Clearcut of Google Play Services, and Firebase of Analytics. The information is tagged with the Android identifier, an important detail since the ID is associated with a Google account.
In a nutshell, Mountain View they would have a detailed list of when and with whom you messaged. With calls it is not very different, since Google Phone registers the time and duration of the conversation.
In case of activating caller ID, the app capture and send phone number of those who are not in your contact list.
Google would be violating the European data protection law
The collection and sending of data to Google is not stipulated in the privacy policies of the applications, so the company would be violating the European data protection law.
The researchers claim that the information lacks anonymity because it involves the Android ID. The Messages app links the ID to the serial number of the SIM card once it is inserted into the mobile. The identifier is also associated with the device’s serial number, IMEI and Google user account.
By failing to notify users about data collection and don’t offer a way around it, Google would violate one of the principles of the GDPR. There is no section in the privacy policy of both applications where the collection, sending or the reason why it is done is mentioned.
A half solution
After receiving the results of the study, Google promised to disable harvesting of the phone number, SIM ID and the hash of the text messages. It will also eliminate the call log in Analytics and a button will be implemented that disables the sending of non-essential data for the operation of the app.
Google won’t stop capturing phone numbers if you use caller ID, it will simply notify the user that the option is active. In the same way, the privacy policy will be better communicated through easy-to-understand guides.
Although the company applauded the work of academics and accepted their suggestions, there is a risk that data collection will continue. In an interview with The RegisterDouglas Leith mentioned that he has doubts about the data that Google considers essential.
A few months ago the Mountain View company was accused by Brave of breaching the GDPR. The “extremely ambiguous and unspecific” policies make it impossible to identify violations of the principles of data protection law.
According to Brave, Google has to fully and specifically disclose the purposes of data collection in all of its apps and services, as well as the legal basis for each.