there's no way to opt-out of this data collection.
maybe sue them for THEFT OF BANDWIDTH???
(and then a method of opt-out, or better, opt-IN, may present itself in a subsequent update)
And then there's GDPR... any takers?
Google Android devices transmit telemetry data while idle, even when users have opted out, according to study conducted earlier this year by Trinity College Dublin computer scientist Douglas Leith. Handset vendors like Samsung that install proprietary versions of Android on their devices have the opportunity to offer better …
Europe doesn't have GDPR either. They've included the concept of 'legitimate interest'. These are 'default on', every time, sometimes you *can* disable them, but some websites then require you to individually disable 100's of 'partners'.
There's websites that ignore the whole GDPR thing, 'accept or leave'.
It was a good idea, but it was a gamable system and thus it gut gamed. Right quick.
I think the intention was noble (as in: not intentionally to let the system be circumvented), because they figured that a watertight system would have broken 'everything', so better something, than nothing. But, in the end, as always, the net result is that businesses do their best (and succeed) in circumventing the GDPR. So, in essense, it became a temporary obstruction they found way around, and passed the cost of their 'trouble' to their customers.
"maybe sue them for THEFT OF BANDWIDTH???"
I tried that with Amazon, placing a complaint directly with my state's Attorney General's office regarding their bandwidth "sharing" for their Ring Sidewalk technology.
Got a form letter, about 2 months later, from the AG saying that their office receives many complaint filings in general, and will look into it.
Got a form letter from Amazon, about 3 months after that, saying that...they would take it into consideration.
Silence has since ensued.
So we shouldn't hold our breath about ANYONE caring, especially when Big Money has a dealing in it???
From what I can see the researchers installed GApps on LineageOS, so no surprise that it reported home to Google. They explain that e/OS/ avoids this by using MicroG, but didn't mention that you can install MicroG on LineageOS. (That's how I use LineageOS, with the Aurora Store from F-Droid.) In fact they go so far as to state "On LineageOS it is necessary to install GApps to use the Google Play store" which is not correct.
See Section V.A.3 of the full report.
It is true that installing MicroG on LineageOS requires a little work, because it isn't the default configuration as it is on e/OS/. But it is also true that by default LineageOS has no GApps / Google Play Store presence at all, unlike e/OS/. If you are a de-Googling purist you can run LineageOS solely with stock apps, or supplemented with open source apps from F-Droid.
As to the vendor versions of Android: to hell with them.
Interesting that so many techy readers have upvoted you. You are wrong. This shows that people will upvote something even when they don't fully understand the topic.
Your GPS location is sent to google during a-GPS lookup even when you try to deconfig this in LineageOS. The event takes places so low in the OS stack that you can't disable it. That's right, every time you use location services on LineageOS, the exact GPS location is sent to google.
Other telemetry data is also sent to google that is nothing to do with the google Play store. It is obvious that people on TheRegister don't understand just how pervasive google is within LineageOS.
If you use eOS at https://e.foundation then you can remove all these links and still have a decent OS. I use it now and it works well. I'm very impressed with the development that keeps my Samsung S9 going with regular security updates. It's important to support what you think is best and I did a LOT of research before settling on eOS. LineageOS is a good effort but you only have to look at some forums to realise that people don't understand how integrated google services are into LineageOS. If they produced a true de-googled LineageOS I would be interested.
> Your GPS location is sent to google during a-GPS lookup even when you try to deconfig this in LineageOS. The event takes places so low in the OS stack that you can't disable it. That's right, every time you use location services on LineageOS, the exact GPS location is sent to google.
Got a source for that? Or any of your other assertions?
The poster who you claim "doesn't understand the topic" gave references and direct quotes from the very report on this topic. I see nothing in the report, or from a quick search, that corroborates your claims.
Had the same feeling about LineageOS. What's next, installing chinese apps and complaining it's sending data to the party?
My main phone is a regular phone (aka a "smartphone" before smartphones) and I'm thinking about switching to an old 2G Nokia, so fast to start, tiny size and reliable.
I do have an android device currently on ResurrectionRemix (= Lineage OS with a lot more settings. I like it). NO Gapps. Aurora Store + apkmirror/apkpure and a browser that blocks tracker is more than enough.
I will never use another android device with 'commercial' OS, they are simply unusable rubbish.
In addition, with LineageOS & co. old devices run much faster: get a flashable fancy phone from few years ago, get a new battery and you have a great like-new device for about 30$
We use a 2G Nokia as the 'batphone' at work. The battery lasts ages but apart from that it's a bit of a pain. It's not as good at pulling in weak signals as I remember of phones ten or fifteen years ago, the volume when making a call is dire and the keyboard is very small and fiddly and it's easy to hit 'enter' when you meant to press 'left' (or whatever).
One of the children has a CAT phone running KaiOS and it has a much better keyboard, the battery lasts just as long and it can act as a 4G hotspot, but it is riddled with Google apps which can't be uninstalled. Oh, and I can't get it to talk to my IMAP server.
Never tried e/OS but I'm a longtime user of Lineage (no GApps at all) not sure how it can report location data to Google if I have data turned off - which I do most of the time.
"It is true that installing MicroG on LineageOS requires a little work"
But on the other hand, installing LineageOS at all requires a fair bit of work. I have difficulty imagining someone who has both the knowledge and motivation required to install Lineage, but who then balks at the idea of installing MicroG. Anyone using Lineage uses Google apps through their own choice, not because it's too complicated to avoid them.
The real problem is the difficulty for the average user in using anything other than what their phone happens to come with.
Indeed! One of the LineageOS people has apparently contacted the authors and some media outlets with a statement/correction:
> The study linked chose to install a third party package ("opengapps") on a LineageOS device (per page 6). Google Apps are not preinstalled on LineageOS. We have no control over what data is sent by third party applications a user chooses to install, including packages from Google. Those services are neither required nor recommended, and free open source alternatives (such as microG and F-Droid) exist.
On my Galaxy A3, WiFi is disabled, BlueTooth is disabled, Mobile Data is disabled and Location is disabled. I activate those things only when I need them, and deactivate them again when I'm done.
So, when exactly is all that telemetry happening on my phone ?
I'm guessing it's when I have them activated. So, almost never then.
I've just jad to 'sanitise' an Android 6 device for my wife ('new' work phone). By default (work did a factory reset) it has location tracking by WiFi and Bluetooth scanning turned on, even when you have WiFi and Bluetooth turned off!
I can't imagine those abilities have been removed in later Android versions but I'm blowed if I know where the menu option to disable them has gone :-(
> Mobile Data is disabled
I noticed recently that my android will quietly override the Mobile Data=disabled setting any time it feels like. Discovered accidentally when I absentmindedly checked a website despite having switched off wifi and forgotten to switch mobiledata back on -- site loaded up casually.
Do a little investigation Pascal, for example when I'm on my way home I text the wife, "Hive in a few minutes" ... What's a "hive"? It's a Bee Home ... and now, after a several months of fun I'm getting a few adverts that features bees - often requesting donations to support various things, and ads that suggest excellent honey is available.
> [...] is disabled, [...] is disabled, [...] is disabled, [...] is disabled
And you really believe it is disabled? As others said, Android disables disabling whenever it fells like it.
I had already noticed this several years ago, back in v.4.4 times IIRC, when I observed that without WiFi, mobile data or Bluetooth enabled some (not all) apps managed to communicate nevertheless. Clearly user settings are but a non-binding suggestion.
I understand what you're saying, and I am absolutely not contradicting anything.
The only thing I can say for certain is that my mobile data usage as of the time of this writing (October 13th, 2021, 20:10:23 CEST) is 47MB out of 40GB.
And I have been using some of my data allowance, for business purposes.
What I will do is, in November, before activating any mobile data allowance, I will check on the usage numbers.
That should clarify the situation.
You can exfiltrate a lot of (text!) information in those 47 MB! Not saying that it's the case, I obviously don't know your specific situation, my point is that stuff happens on the couple phones I keep an eye on. I'm not entirely sure what and how, but there are things happening which are hard to explain and, given the actor(s), seem potentially suspicious.
(I don't entirely trust the phone's data usage numbers either, after all it is like asking the criminals to compile the crime statistics... I'm no developer, but I guess it would be terminally simple to filter out some usage from those statistics. The only data statistics I'd trust are those of my service provider, who wants to bill as much as possible.)
Yes. The things sent to google bypass Blockada and other firewalls. They happen low down the OS stack and are beyond the user level. It's a serious issue, as you can see from this thread. People think that they've got a firewall installed and all is well, while the same google telemetry data is being sent regardless, even on LineageOS.
I have LineageOS with neither Gapps nor MicroG apps. I have checked the traffic externally to the phone and I can say with absolute certainty that isn't true.
The same same goes for for your earlier comment about a-GPS - it does not do what you claim.
Your shilling for /e/ is neither required nor appreciated!
The bit leaking the data for 'LineageOS' appears to be the Google apps that aren't actually included in LineageOS - the user has to install them if they want them. In this case the researchers installed them via the opengapps nano bundle as listed in the 'hardware and software used' section of the report. If they'd gone with microG instead they would probably have got the same result as they did for /e/.
Exactly. Can someone tell me exactly why my car requires to phone home? It does after all have a perfectly good way of telling me when something is wrong, its called warning lights on the dashboard!!!
Since when did we all have to be nannied and monitored by whoever makes devices we own? My device my data and no manufacturer has the right to any data from it.
The first manufacturer to go back to the principle.of "make something sell it, wave it goodbye" to only make money from the sale of the item will have me supporting it far and wide.
Bought a second hand Dacia back in February. It was three years old and had 25,000 miles on the clock, an 18,000 mile / 12 month service interval and an MoT date of November. I do a lot more miles than that and knew that it would be up to 36,000 by late September / early October.
As far as I'm aware the car has no telemetry so... How come back in August did the garage I bought it from, which sold the car from new, ring me up and tell me it was nearly time for its service? As far as they should have been concerned it was nowhere near 36,000 miles and still three months away from the 12 month service / MoT deadline.
"the garage I bought it from, which sold the car from new, ring me up and tell me it was nearly time for its service?"
This is not a direct answer to your excellent question, but the dealer I bought from contacts me every few months because my car is "due for service." They calculate this by 1) estimating mileage, 2) how long since they last touched my car, and 3) their sales targets. (When I ask which service, they just tell me whatever is next in sequence, even if it's the next annual service 6 months after my last annual.)
I know you've used the joke icon... but that's actually far closer to the truth that you might think.
I get looked at like I'm some kind of freak because I refuse to use 99% of all social media sites/apps out there. I have zero presence, I do my best to block google and farcebook... I sandbox certain sites in firefox. I use a phone that's as free from preinstalled 3rd party apps as possible, don't use google search for anything.
Not conforming and letting every company who wants it... have free access to every single aspect of your life... Is considered subversive and freakish by the majority these days.
That's why nothing will ever happen to stop it, because it's become the norm... the time to act on it was 10-15yrs ago. The GDPR isn't fit for purpose, it's so many loopholes that allow unfettered data collection through 'legitimate interest' without actually specifying exactly what is and isn't legitimate.
The only way to win is not to play...
So I'm now off to see if my Motorola One Vision can be rooted and /e/ installed...
Its simple, there is no legitimate interest. That should be the basis for any device, be it a car, phone, games console, watch, television etc.
The current "legitimate interest" GDPR loophole is absolute bollocks and is purely a way for organisations to effectively bypass the spirit & intentions of GDPR.
> Its simple, there is no legitimate interest.
Actually, there is: Making money!
Doesn't get any more legitimate than that...
Seriously, GDPR might not be the silver bullet (some) people hoped for, but it's definitely better than nothing. Don't throw the baby out with the bathwater. If GDPR became the norm (including in the USA) humanity would already be way better off.
I believe these privacy intrusions can only be solved with legislation, not technical solutions.
The problem is, however, that governments themselves make use of the spying data to control and influence their citizens. Chances are therefore slim that they'll legislate against this kind of data collection.
The researchers used LOS *with* additional OpenGApps in the "nano" variant.
Alas they were ill-informed.
1. You can have LOS utterly clean without any Google crap.
2. If you need GSF (Google Services Framework) because you want to use apps that require it, you can install the "pico" variant of OpenGApps or install MicroG, which both contain the essential GSF. The "pico" variant is only half of the size of the "nano" variant. Imagine what makes up for the difference ...
3. You can have LOS with MicroG integrated as "LineageOS for MicroG" https://lineage.microg.org/ or as "System /e/" as in the paper.
4. Even more privacy protection is available as "iodé". That is LOS, MicroG and additional amelioration of privacy protection. Only drawback is that it is available currently only for a restricted set of devices. https://iode.tech/en/iodeos-installation/
I for one use it on my Sony Xperia XA2, perfectly satisfied. It even has a built-in Ad- and Tracking-Blocker. I have 99,9% of the functions I want available AND perfect privacy protection.
If you use Google Chrome, Google search, gmail and any other G product why worry about a few more bits of info going to Google from your phone? Google know more about you and your life than you will ever remember. Microsoft removed 33 Google services when the Edgified Chromium, these were baked in to the core application. (MS not much better than Google, so not a recommendation just highlighting how this Open Source product is tied to Google services like Android)
Get over it or vote with your feet and opt out.
Alterntives may not be as good but you should ask do they function for your every day lives, ie are they good enough?
Governments won't do anything about it as they don't care enough and it won't win votes for them and Google probably share the data with their security services so it is cheap tracking of undesirables for them.
"Google know more about you and your life than you will ever remember" - WRONG
The chocolate factory has nothing to gain here. The majority of the spying services, including doubleclick, is blocked in my PI-hole. I don't accept any cookies from spies. With various add-ons I fight browser fingerprinting and other means of tracking. About me Google may know a little bit, but that is about 2% of the knowledge about average John Doe.
"vote with your feet and opt out": Yes, that is exactly what I do and what I recommend. Replace Android by a clean custom-ROM.
"Alterntives ... are they good enough": The answer is, YES. For me and a lot of other people. Well, true, you need to invest a small portion of brain 1.0
"Governments": If you are target person of the state spies you can't escape them anyway. But you need not feed the Utah data centre of the NSA. It is ok to make their lives a little bit harder. ;-)
In order to be a mobile device your phone needs to not just have a unique global identifier but to make your carrier aware at all times where you are. WiFi also needs to know who and where you are but in this case it doesn't need to know anything globally unique about you (your MAC address can be synthetic, it just needs to be unique-ish). Even so, everyone within earshot needs to know about you whether you're on 'their' network or not.
Given that your handset is uniquely identifying you its not unreasonable to think that everything you do on the Internet is noted as well. What's surprising is the expectation that you have any privacy.
...and I'd guess that the reason why Apple handsets don't have the same kind of tracking mechanism that Android has is because its more of a closed ecosystem. Apple knows everything it needs to know about you from the moment you purchased that shiny new device.
It is apparent that all major brand mobile phones suck out a lot of private data. Even Lineage collects a lot of data, even without Google Apps installed.
With /e/ you get privacy by default. I use it daily, and there is no reason even non-tech-savvy would not use it. I wish more people would use it.
#1: If the researchers told us what addresses are receiving the data -- if not by my Android firewall, then at least in my wifi router?
#2: Similarly, does Android have anything equivalent to the Windows 'hosts' file, which I could use to remap the destination address to something harmless?