When the first smartphones were introduced about 20 years ago by a number of telecommunication equipment vendors, the mobile device was expected to become the primary communication tool for the majority of humankind. It did. But there was something else that no one could envision 20 years ago: product vendors and online service providers created a massive global business simply by trading phone owners' personal data with advertisers. Now, academic researchers have compared Android phones from major vendors, examining how much of their owners' data the phones leak to ad tech businesses.
The researchers from the University of Edinburgh, UK, and Trinity College Dublin, Ireland, published a report, Android Mobile OS Snooping By Samsung, Xiaomi, Huawei and Realme Handsets, in October 2021. You can find the entire report here. From a privacy point of view, the results are not pretty for phone vendors, but the results are very good for two software development organizations that have created their own variants of the Android operating system.
The best choices for privacy
First, the good news. If you care about your privacy and want to protect your life, you have a real choice. The Apple iPhone wasn’t included in the study (iPhone is known to collect data, anyhow), so we don’t consider it as an option here, but /e/OS and LineageOS are excellent choices for every privacy-aware person who wants to have an Android-compatible phone.
Never heard of these two brands? Both of them are highly specialized software outfits. The LineageOS team focuses on software only: they have taken the core Android software with the aim of dropping all Google connections from it, and potentially replacing them with open source alternatives. They have done good work, but haven't managed to cut off Google's data collection completely, as the study proves. You can get LineageOS on your Android phone if you know how to install a completely new operating system on your device, but you have to be an experienced tinkerer to do that.
The team working on /e/OS software has managed to do it all. If you buy a phone powered by /e/OS or install /e/OS on your Android phone, the phone doesn't leak any data to anyone. None. It is an absolutely remarkable achievement. /e/OS is built on a stripped version of Android, but the team has managed to cut off Google completely, and has done extensive work to replace valuable Google services like the Play App Store, Google Maps, Email, Camera, Browser and others with open source software that doesn't spy. The important thing is to examine carefully which apps you install on the phone yourself to minimize data collection by 3rd party apps. You can buy a phone that has /e/OS pre-installed or you can try to install the software yourself on an Android phone.
Software products similar to /e/OS and LineageOS are available, but were not featured in the study.
The worst choices for privacy
Let's take a look at the vendors whose products were the worst choices for the phone owner's privacy.
Android phones made by Samsung, Xiaomi, Huawei and Realme transmit large amounts of data to the phone vendor and to other parties. These other parties typically are enterprises like Google, Microsoft, Heytap, LinkedIn, and Facebook. They have made a deal with the phone manufacturer to have apps installed on the phone at the factory that the user can't remove. The apps provide functionality for users, but their hidden purpose is to gather users' personal data for the businesses. The report highlights that users can't stop data collection even if they adjust the system settings.
The phones used in the study were purchased in Europe, which explains why they mostly transmitted data to servers located in Europe. Samsung also sent data to a server in the US, and Xiaomi to Singapore.
It is important to remember that this study focused on the operating system and factory-installed apps only. If the owner of the phone installs additional apps on the phone, most free apps collect additional user data. It is possible to view what data an app will collect before deciding whether to install it, but not all users do so.
We assume that Android phones made by other manufacturers conduct similar data collection activities as well. Even if they didn't, Google, as the developer of the Android software and key apps, will collect user data.
What data do Android phones with factory settings collect?
The phones collect so much data that we list only a few highlights here.
- IMEI (International Mobile Equipment Identity), a unique number that identifies every mobile phone.
- Hardware serial number.
- Wi-Fi MAC address, a unique identifier.
- What apps are used and when, what app screens are viewed, when and for how long.
- Google advertising ID.
- The Huawei phone sends keyboard taps to Microsoft.
- Xiaomi and Huawei record metadata for SMS messages, such as when messages were sent.
- Samsung, Xiaomi, Realme, Huawei, Heytap and Google collect details of all apps a user has installed on the phone.
Just a reminder that phones running on /e/OS or LineageOS don't leak the data listed above. /e/OS in particular is safe from a privacy perspective, as long as you remember to be careful about which additional apps you install yourself. Here is our review of a smartphone powered by the /e/OS operating system.
How was the Trinity College, Edinburgh University study done?
The researchers routed all the communication between each phone and the internet through a computer that recorded all the network traffic. The recorded data packets were then examined to find out what was going on during the communication.
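To make this kind of traffic examination concrete, here is an added example (not the researchers' tooling) that searches recorded request bodies for the device identifiers listed above, including hashed and re-encoded forms. The identifiers, hostnames and request bodies are constructed sample values, and the bodies are assumed to be already decoded to text.

```python
import base64
import hashlib
from urllib.parse import unquote_plus

# Identifiers of the handset under test (constructed sample values).
DEVICE_IDS = {
    "imei": "356938035643809",
    "serial": "R58M123ABCD",
    "wifi_mac": "a4:5e:60:c2:11:9f",
    "ad_id": "38400000-8cf0-11bd-b23e-10b96e40000d",
}

# Constructed (destination host, request body) pairs standing in for a capture.
CAPTURED = [
    ("telemetry.vendor.example", "imei=356938035643809&sn=R58M123ABCD&event=boot"),
    ("ads.partner.example",
     '{"gaid":"38400000-8cf0-11bd-b23e-10b96e40000d","mac":"A45E60C2119F"}'),
    ("stats.partner.example", "did=" + hashlib.sha256(b"356938035643809").hexdigest()),
    ("ntp.example", "time-sync"),
]

def encodings(value):
    """Return lowercase forms in which an identifier may appear on the wire."""
    raw = value.encode()
    forms = {value.lower(), base64.b64encode(raw).decode().lower()}
    for algo in ("md5", "sha1", "sha256"):
        forms.add(hashlib.new(algo, raw).hexdigest())
    if ":" in value:  # MAC addresses are often sent without separators
        forms.add(value.replace(":", "").lower())
    return forms

def find_leaks(requests, device_ids=DEVICE_IDS):
    """Map each destination host to the names of the identifiers it received."""
    needles = {name: encodings(v) for name, v in device_ids.items()}
    leaks = {}
    for host, body in requests:
        # Check the body both as sent and after URL-decoding.
        texts = (body.lower(), unquote_plus(body).lower())
        for name, forms in needles.items():
            if any(f in t for f in forms for t in texts):
                leaks.setdefault(host, set()).add(name)
    return leaks

if __name__ == "__main__":
    for host, names in sorted(find_leaks(CAPTURED).items()):
        print(host, sorted(names))
```

Matching on hashes matters because an identifier that is hashed before sending still lets the recipient link every report from the same handset.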