Prof Doug Leith

Google promises changes to Dialer and Messages apps following Trinity College study

Android phones found to collect 20 times more user data than iPhones
Life
Prof Doug Leith, Connect

14 March 2022

Google is to make changes to its Google Dialer and Messages apps on Android phones after a study from the Connect research centre

Work by Prof. Doug Leith at the at Trinity College Dublin, uncovered the extensive data collected via the use of apps used to make and receive calls or to send and receive SMS and other messages.

According to Google, more than 1 billion phones use both Google Dialer and Messages which come pre-loaded on Samsung, Xiaomi and Huawei handsets.

Prof Leith’s findings include:

  • The Messages app tells Google whenever a message is sent/received. The information sent includes the time and a hash (an ID code created from the message text) that uniquely identifies the message. This allows Google to discover whether two handsets are communicating, and at what times.
  • The Google Messages app transmits the sender’s phone number to Google, so by combining data from communicating handsets the phone numbers of both are revealed.
  • The Dialer app tells Google whenever a phone call is made/received. The information sent includes the time and the call duration. This allows Google to discover whether two handsets are calling one another, and at what times and for how long.
  • Each app also tells Google about user interactions with it. For example, whenever the user views an app screen, an SMS conversation or searches their contacts. This allows a detailed picture of app usage over time to be reconstructed by Google.
  • The data sent to Google is tagged with the handset Android ID. This is linked to the handset’s Google user account and so often to the personal details (email, phone number, credit card details etc) of the person involved in a phone call or SMS message.
  • There is no opt out from this data collection.

This study is one of the first to cast light on the content of the data sent by Google Play Services. Previous studies by Prof Leith’s group at Trinity College Dublin noted the large volume of data sent by Google Play Services to Google servers – up to 20 times that iPhones send to Apple – and the opaque nature of this data collection.

“I was surprised to see such obviously sensitive data being collected by these Google apps. It’s not at all clear what the data is being used for and the lack of an opt-out is extremely concerning,” said Prof Leith.

“This work was triggered by our study of the privacy of Covid contact tracing apps. While we found these apps to generally be quite privacy respecting, our measurements highlighted the tremendous volume of data being sent to Google by Google Play Services on Android phones. Hopefully our work will act as a wake-up call to the public, politicians and data regulators.

“It really is time we started to take meaningful action to give people full information on the data that leaves their phones, details as to what it is being used for and, mostly importantly, the ability to opt out from this data collection.”

TechCentral Reporters

Read More:


Back to Top ↑

TechCentral.ie