'Wake up call': Trinity College study shows true extent of data sharing on Android phones

Researchers from Trinity College Dublin and University of Edinburgh examined six brands of Android phones and the Operating Systems (OS) used by each. 

The authors looked at observed data transmission between the mobile phone and the OS developers and said the extent of information being exchanged raises a number of privacy concerns. 

While a certain amount of communication with the OS developer is to be expected, the researchers have said the extent of data transmission taking place goes well beyond this. 

The six Android companies and OS designs studied included: 

• Samsung;
• Xiaomi;
• Huawei; 
• Realme;
• LineageOS; 
• e/OS.

Even an idle mobile phone with limited user input transmitted substantial amounts of information to the OS developer and to third parties such as Google, Microsoft, LinkedIn, and Facebook that have pre-installed system apps. One notable exception to this process was the /e/OS operating system.

With the exception of e/OS, all of the handset manufacturers examined collect a list of all the apps installed on a handset. 

This potentially sensitive information can reveal user interests, for example, the use of mental health apps, interest in religious faith apps such as a Muslim prayer app as well as gay dating apps or conservative news sources like a Republican news app. 

Professor Doug Leith, Chair of Computer Systems at the School of Computer Science and Statistics in Trinity College Dublin, said the study reveals the extent previous data regulation has missed the mark. 

“I think we have completely missed the massive and ongoing data collection by our phones, for which there is no opt out," he said "We’ve been too focussed on web cookies and on badly-behaved apps." 

Prof Leith said "meaningful action" is needed to give people control over the data that leaves their phones and hopes the study sounds the alarm for the public and regulators. 

“I hope our work will act as a wake-up call to the public, politicians and regulators. Meaningful action is urgently needed to give people real control over the data that leaves their phones,” he said. 

Researchers said there is no opt-out for this silent data collection process for many pre-installed apps and OS including Google, Microsoft, LinkedIn and Facebook, all pre-installed on most handsets and silently collecting data. 

Dr Paul Patras, Associate Professor in the School of Informatics at the University of Edinburgh, said this was one of the most worrying aspects of the study. 

Although we've seen protection laws for personal information adopted in several countries in recent years, including by EU member states, Canada and South Korea, user-data collection practices remain widespread. More worryingly, such practices take place “under the hood” on smartphones without users' knowledge and without an accessible means to disable such functionality," he said. 

Dr Patras thinks more privacy-conscious OS for Androids are growing more popular with consumers and that their study shows manufacturers should respond to this.   

"Privacy-conscious Android variants are gaining traction though and our findings should incentivise market-leading vendors to follow suit," he said.