Google Dialer, Messages Apps Send Data to Google Without Users’ Permission: Report
Following various data-related controversies in the recent past, tech giants like Apple and Google started focusing a little extra on user privacy when it comes to their products and services. However, it’s not the case entirely, as according to a recent research paper, Google’s Phone and Messages apps collect and send user data to Google’s servers without user permission. While it is a privacy risk for users, the practice also potentially violates the EU’s General Data Protection and Regulation law.
Google Apps Violating User Privacy?
Google Phone and Messages app arearguably two of the most-used apps on Androidas they come pre-installed in most modern Android devices. So, as per anin-depth research papertitled “What Data Do The Google Dialer and Messages Apps on Android Send to Google?,” computer science professor of Trinity College Douglas Leith uncovered that these apps collect and send user data to Google without the necessary permissions.
The researcher mentioned thatthe apps primarily collect data relating to user communications, including the SHA256 hash of messages, the timestamps of those messages, contact details, incoming and outgoing call logs, and call duration. Upon collecting the data, the appsuse the Google Play Services Clearcut logger service and the Firebase Analytics service to send them to Google’s remote servers. Leith also highlighted the fact that Google can also reverse the hash of short messages to reveal their content.
The report reveals another key point that both the Google Dialer and Messagesapps do not mention any privacy policies in terms of data collection, a practice that Google recently made mandatory for allthird-party apps on the Play Store. This is sort of hypocritical of Google and puts it in a negative light.
These findings were initially discovered late last year, following which Google was informed of the same. Leith had alsosuggested some critical changes that Google should implement in its appsto prevent such practices. While Leith provided nine changes, Google has already implemented six of them.
Furthermore,Google provided some clarifications for its data collection practices. The company said that the message hash is collected for detecting message sequencing bugs, while the phone numbers are collected to improve the automatic detection of one-time password messages sent over RCS.
To recall, Google, along with other Big Tech giants, has been in the news previously for collecting user data without their permission. Be it via theirvoice assistantsor for ad-targeting, these tech giants have time and again breached users’ privacy. We look forward to more details on this. So, what do you think about Google collecting user data without permission? Let us know your thoughts in the comments below.
Dwaipayan Sengupta
A geek at heart, you’ll find me fidgeting with an iOS device or sitting in front of the laptop, scouring the internet to find interesting technological innovations. In my free time, you’d find me playing Valorant or listening to Pink Floyd.
Add new comment
Name
Email ID
Δ
01
02
03
04
05
