Science Foundation Ireland

Study highlights smartphone privacy concerns

Prof. Douglas Leith, CONNECT Funded Investigator at Trinity College Dublin, has published a study on the data transmitted from iOS- and Android-based phones.

The study is available here (pdf): https://www.scss.tcd.ie/doug.leith/apple_google.pdf

Key findings from the study:

  • Apple iPhones and Google Android phones share data with Apple and Google on average every 4.5 minutes, even when the phone is not being used, such as when it is in a pocket or handbag. Such a high frequency potentially allows location tracking, even when location services have been disabled by the phone user.
  • Apple not only collects data about a phone owner’s handset activity, but also about handsets nearby. Apple can potentially track which people you are near to, as well as when and where.
  • Apple iPhones offer no greater privacy than Google devices.
  • Both iOS and Google Android transmit telemetry – recording events such as insertion of a SIM and sending handset details such as the hardware serial number, IMEI, WiFi MAC address and the phone number, despite the user explicitly opting out of this.
  • Users have no opt-out from this data collection and there are few, if any, realistic options for people to prevent this data sharing.

Commenting on the study, Prof. Doug Leith said:

“I think most people accept that Apple and Google need to collect data from our phones in order to provide services such as iCloud or Google Drive. But when we simply use our phones as phones – to make and receive calls and nothing more – it is much harder to see why Apple and Google need to collect data. Yet in this study we find that Apple and Google collect a wealth of information in precisely that situation. It seems excessive, and it is hard to see why it is necessary.

“In particular, it is disappointing to see that so much handset data is being collected by Apple. I think iPhone users often believe that their handsets offer greater privacy than Android handsets, and certainly Apple themselves make great play of the importance of privacy. Yet our study finds that Apple collects pretty much the same sort of data as Google.

“Apple not only collects data about handset activity, but also about handsets nearby. When you use WiFi, the WiFi MAC addresses of other devices on the network are sent to Apple.  When the location toggle is enabled on the handset then the precise GPS location is also included.  The WiFi MAC address identifies a device on a WiFi network and so, for example, uniquely identifies your home router, cafe hotspot or office network.  That means Apple can potentially track which people you are near to, together with when and where. That’s very concerning.

“Apple and Google collect handset hardware identifiers such as the handset serial number and IMEI.  Whenever a SIM is inserted the handset sends your phone number to them, together with other details.  If you log in to the Apple or Google app store, then that handset information becomes linked to your email and other personal details such as your credit card, web browsing history and so on, even if you later log out.  Even if you never log in, in many countries photo ID is needed to obtain a SIM and so the phone number is directly linked to you.

“Every time a handset connects with a back-end server it necessarily reveals the handset IP address, which is a rough proxy for location. The high frequency of network connections made by both iOS and Google Android (on average every 4.5 minutes) therefore potentially allows tracking by Apple and Google of device location over time.

“While the privacy of mobile handsets has been much studied, most of this work has focussed on measurement of the app tracking/advertising ecosystem and much less attention has been paid to data sharing by the handset’s operating system with the mobile OS developer.”

CONNECT is the world-leading Science Foundation Ireland Research Centre for Future Networks and Communications. CONNECT is funded under the Science Foundation Ireland Research Centres Programme and is co-funded under the European Regional Development Fund. We engage with over 35 companies including large multinationals, SMEs and start-ups. CONNECT brings together world-class expertise from ten Irish academic institutes to create a one-stop-shop for telecommunications research, development and innovation.

