How Google tracks Android device users before they've even opened an app Research from a leading academic shows Android users have advertising cookies and other gizmos working to build profiles on them even before they open their first app. Doug Leith, professor and chair of computer systems at Trinity College Dublin, who carried out the research, claims in his write up that no consent is sought …
Read, it's all about "consent" and at the moment Google and many other megacorps are still ignoring this legal requirement until found out and then playing the innocent card. Time to automatically fine any company breaching privacy laws, make them delete all the data collected and then let them prove innocent in court to get cash back, but without being able to claim court costs, so they still pay a little.
I've heard that "Youve nothing to hide" nonsense since the early 2000's when people really started to understand they were the product.
The point is not the guilt or innocence of the phone owner. We should all be able to walk around and do what we please without shame. The problem is what the data collector does without disclosing it to the phone owner.
People with GM cars found out they may have been declined insurance because their driving data was collected and shared without consent. Ever wondered why your job application was declined? Why your life insurance was declined? Why you're having trouble getting a mortgage or loan? Why did your credit score go down?
We don't have control over the sources of collection. Then we're forced into the shadowy world of online application forms, where we never interact with a human, software may simply not consider you in the process, and no human ever saw what happened, whether the information was correct, or if the decision was fair or lawful.
But if you have control over your privacy, they MUST come and speak to you personally.
"I've heard that "Youve nothing to hide" nonsense since the early 2000's "
Are you young or something? It goes way, way further back than this century. There's probably variations going back to when humans first evolved into conscious beings and established rules based groupings.
I still upvoted you of course :-)
ex_ob says -- "Hey, stop complaining that youre being tracked and your privacy trampled on, just accept it... Youve nothing to hide if youve done nothing wrong.. Sheesh. System slave."
Well ex_ob, if you've got nothing to hide, then give us your name, address, phone number, date of birth, bank account numbers and passwords. Guess what, all those are on your system.
"I'd love to use a browser, only in order to do so I have to use my bank's app on a phone to confirm the login every time"
That bank doesn't support any customers using the bank's website on a PC who don't have a smartphone (or indeed any mobile phone at all) ? I wonder how they deal with disability access legislation?
You can't open an account without a smartphone... in their defence their app works well and their banking service has been light years ahead of that I received from the traditional bank I used previously (until they closed all their branches within an hour's drive from me.)
"You can't open an account without a smartphone"
Oh, it's a "bank" for the kidz then?
Is it actually technically/legally a UK bank (i.e. does it have a UK banking license) or is it a wanna-be "bank" like some of the modern upstarts? i.e. Revolut only received a UK Banking License in July last year (apparently it took them 3 years to get one and their license has "restrictions").
I'm interested in which "bank" this is that you can only open an account using a smartphone...
Well, it won't be for everyone, but my solution to balancing convenience with privacy and security was to use Android only for functions where my real-life identity would be _necessary_ and tracking would potentially be an advantage (as it's used for anti-hacking/anti-scam mechanisms by some institutions).
So, I use an Android device as a "life administration terminal", mainly for banking but also for a couple of essential government functions via their apps (and as someone else said, some institutions _require_ app usage now, including for two-factor authentication if logging in via a browser even on the same device). I don't use the device for _anything_ else. When not in use, it's turned off, stored in a faraday pouch and locked away. The attached Google account isn't used for anything else, either - it's set up as an isolated ecosystem.
I looked at LineageOS, GrapheneOS and a few other ROMs but not every institution I need to deal with works outside Android (with genuine attestation). Still, I periodically re-visit Android alternatives in the hope they become more feasible for my purposes. Perhaps the Google anti-trust case will move that along?
For everything else, for the time-being at least, there's Linux, non-Google products and as much filtering as I can manage.
And they can have my Linux when they pry it from my cold, dead hands.
Some institutions mandate use of an app - they won't let you log in to do online banking without one. You may not have encountered this, but others have, as mentioned in comments should you care to read them. And it's going to become more prevalent as institutions gradually remove SMS two-factor authentication with some saying they're going to mandate biometrics and passkeys as well, as they progressively remove password-based login.
A smartphone is also small and can be taken anywhere. As cash gradually disappears, it becomes convenient (and increasingly necessary) to transfer money electronically. Have you tried to buy e.g. a second-hand car through private sale recently, when the vendor won't take cash (or cheque, and cheques will be gone soon anyway)?
By the way, thanks for the ignorance-driven downvote. Have one in return.
No, wait! Those Android phones are actually rather expensive.
Not all of them. If you want almost all the functionality of a Samsung S10 (no wireless charging, camera is not quite as good) and far superior battery life you can opt to be spied on by the Chinese and pay £80 for an Honor x6b.
I don't know how the CPU/GPU compares between the two as I don't play games but as a daily driver the only thing I miss from my old S10 is the wireless charging and I don't miss that very much because a single charge is lasting me five or even six days at the moment. My S10 couldn't do that even from new.
Totally with you.
The article didn't appear to suggest anything about Legal Analysis by the researcher, merely the findings, which appear to be confirmed by Google.
Seems a lot of bluff and bluster about yet more privacy shenanigans, but ultimately use any phone OS at your peril, unless you want to use GrapheneOS or similar, to lock your phone down, then find it's not as convenient.
YMMV of course, but hardening a phone isn't too hard to do, but do you want to?
Think of all the convenience of your pocket PC with a Cellular Module?
Always seems to be a trade off between security/privacy and convenience.
Doesn't even show up on my LG Wing. But, then again, I don't stay logged in to Google; I disable the Play Store and don't allow it to install anything Google when I do indeed re-enable and log in; and I occasionally delete all Google Play Services data. Plus NoRoot Firewall. And PiHole at home. And Firefox with NS, uBlock and Privacy Badger. And all Google apps are disabled (yes, even Maps). And location disabled.
I'm sure I'm forgetting something, like using ReVanced, but those don't count as much :p
Their responses sound exactly like those of an abuser gaslighting their partner. "I'm keeping you locked in the house to protect you" "I'm keeping you in sight of my cameras so that you can have an enhanced life experience". "Don't you know I'm doing this for your own good, yet do you ever thank me? No you do not!"
"Remember when Firefox let you choose what cookies to block? "
Well, the settings dialogue may have changed but it's still pretty selectable. Plus you've also always get about:config to play with with a bit of on-line searching for useful parameters.
And are the other browsers any better?
""User privacy is a top priority for Android." Taking it away that is."
Android with the Google overlay is that. You can get de-Googled Android phones that will run anything that doesn't need Google online services to function. Many more alternatives are also available.
I will never do anything financial through my phone. It's a device that is too easy to take from me, get lost, damaged or just run out of juice when the battery won't take much of a charge in a year's time. I also have not run into any situation where I have a need to access my bank account away from home or the bank. I keep a register on my computer and in the last couple of years, I've never been more than $5 off which likely means a fee that I didn't know about. I'm not running that close to the edge so it's not a source of stress. I pay bills usually on a Sunday afternoon when the weekend has wound down and I can sit and do it properly. I learned my lesson about auto-pay so there's none of that nonsense anymore. It also means there's no nagging in the back of my head about whether I've paid something or not since I am deliberate about it. I also keep written records and file them for at least a year so I have a trail should somebody say I missed a payment. It's shuts them up when I can tell them I paid, the exact amount and what form of payment was used. Since I'll usually get a confirmation number/email, I can hand that to them as well. Only happens every few years and not for at least 5 thus far. It makes me wonder if it's a scam to get people that don't keep records to pay again for something.
* In 2021, Apple said they’d scan your local files using your own hardware, in service of the police.
* People got upset, because this is a clear privacy violation and is wholly unjustifiable on any basis whatsoever. (Some people speculated that such a move by Apple was to appease the US federal police in advance of their shipping better encryption features which would otherwise hinder police.)
* Apple said some additional things that did NOT include “we will not scan your local files”, but did include a confirmation that they intend to ship such features that they consider “critically important”.
* The media misreported this amended statement, and people calmed down.
* In late 2022, Apple shipped end-to-end encrypted options for iCloud.
* Today, Apple scanned my local files and those scanning programs attempted to talk to Apple APIs, even though I don’t use iCloud, Apple Photos, or an Apple ID. This would have happened without my knoweldge or consent if I were not running third-party network monitoring software.
sneak.berlin slash 20230115/macos-scans-your-local-files-now/
---
I thought they said they completely wouldn't do this, but it seems they are.
No warning? It's google! They are and always have been a user driven advertising company.
Hell Gmail scans EVERYTHING (well did) which is literally how Google built their dominant search algorithm and we knew this during Gmail beta but since it was a first user as the product none of us really could grasp what it all meant.
This,.all this is literally Google's #1 play regardless of market
"They are and always have been a user driven advertising company."
They are a PII Big Data company with advertising as a handy side hustle. They can be contracted to target ads at a particular demographic using the PII they've collected or supply access to that data at an increased cost so their customers can do their own targeting or develop insight into a demographic they want to market at.
Managed to uninstall safety core fine, on a Samsung Android 10. Thanks for the warning!
One thing you can also do is disable Play Store and Play Store Services. Started doing this on my old Android 7 tablet which is still fine and going strong but used to freeze for 5 minutes at a time. Disabling Play stuff stopped that. And no other apparent downside. In the rare event I need to update something (that even still runs on 7) I just re-enable it and go do something else for 10 minutes, update, then disable it again. Will now do it on the Android phone too.
TBH, it's become so difficult to avoid everything privacy invading, I've almost stopped bothering except for the quick and easy. Especially those cookie dialogues which have 1001 different "Legitimate Interest" companies, all "on". Click-scroll-click-scroll-oh-not-another-page.
*uck 'em. I only buy what I want to buy and am highly uninfluenced by advertising - except possibly negatively - and keep my properly private stuff (bank etc) properly private. Mind, my Facebook Container add-on in FF shows some unexpected companies using FB cookies, Hargreaves-Lansdown I'm looking at you.
Yeah, Hargreaves Lansdown. I'd not be surprised if they'd trademarked the word "ethical" in order to prevent other banks from using it. They're about as ethical as Elon Musk's dad's emerald mine as far as I can tell. Remind me again how much money Mr Lansdown (the Guernsey-born billionaire and country's 150th richest person) donated to the pro-leave agitprop campaign in 2016?
"Mind, my Facebook Container add-on in FF shows some unexpected companies using FB cookies, Hargreaves-Lansdown I'm looking at you."
Facebook leases out cookie access to other firms. Pay a little, get basic info, pay a lot, get lots. How do you think Zuck is able to buy half a Hawaiian island and trample the rights of Hawaiians with impunity? Money, lots and lots of money which is a real feat for a free service...... or is it reallllllly free? Nope, you've agreed that they can track everything you do online and they've implemented the means. They've also been doing this for some time.
I got a new Pixel phone today, but I've not fully committed to switching over yet. It's interesting to see what you can actually do on a pristine Android phone with a) no SIM and b) no Google account logged in. The answer, of course, is very little. The Google News app thing works, and you can open YouTube and Photos, but that's about it. You can't even open other apps like Messages, without the login prompt, and of course you can't install anything else. It does let you install system software updates and fiddle with settings, but it's fundamentally highly crippled. No great surprise, just an interesting experiment that I hadn't tried for many years.
I got a cheap samsung from company, I had to put up a fight but it's working okay without a samsung account and without google account.
Use Aurora store for apps, Blokada for blocking samsung domains as they show up.
Disable dozens of permissions for the samsung apps I'm not allowed to disable and after a while it gave up telling me that i have to download 1.19GB of 'Apps' to complete my setup.
Xiaomi, Oppo ans samsung are in my top 3 list of DO NOT BUY phones.
( i only use phones i can install an alternative OS)
(I do not use them as a phone. My phone is a nokia 2G, use a 'smartphone' as a convenience tool, obviously with a google free OS)
It's very uncomfortable knowing that this technology exists and choice is limited. It's a tool that right now doesn't matter too much, but its so powerful as a control mechanism if misused. The problem is that, in the West at least, mobile phones are a monopoly. It's either Apple or Google and painful to switch. It's a monopoly because the app distribution is controlled. It's very hard on alternatives such as Lineage or Graphene to operate without PlayStore and some apps just don't work without the full set of Android services, usually the banking apps.
With every Android phone I've gotten I've created a new Google account just for it. I carefully document the user/pass elsewhere, but don't use it for anything else besides the PlayStore.
I am perhaps unusual in not having an important gmail mailbox, don't have any paid PlayStore apps, and don't do much web browsing on my phone (and no banking), but I figure I'm at least limiting Google's tracking to an identity token that is at least a little bit more difficult to tie to my day-to-day life than it otherwise would be.
This is why from two phones ago I haven't allowed it to log into G during device setup, or any time afterward. It's APKPure and ADB all the way.
We both have Samsungs - my Galaxy '20 is her hand-me-down from when my '19 got run over by a car (different story), and she took the opportunity to upgrade to the better camera in the '22. (Sorry we're not such blatant consumers - NOT. My '09 MBP still runs, albeit a bit more slowly than the FrameWork). She's always complaining about "wanting Google", but I say just because you have an in-house IT person, if you really want it, learn to log in yourself, at the expense of losing your "support contract". ;)
She recently got prescribed a sleep study which used an app to upload the data.
D/L'd the app just fine onto her phone. Installation was a breeze. Started it up.
"Please log into Google to continue".
WT?
Reached out to the device manufacturer, explained the app installed and ran fine but would not actually function, and asked how to use it without logging into Google, which should in no way be required just to run the thing. The sensitive medical data the app would be gathering is simply none of G's business.
Did get a response, but it was boilerplate "If you're having trouble logging into the App or Play Store..."
I so love it when people don't know how to comprehend a simple sentence.
Uninstalled and had her tell the doctor the gadget was being returned, and that perhaps a traditional on-prem sleep study like had been done before would be more appropriate...
Followed by installing an alternative SMS handling app?
I have a feeling moving away from this Google product might be a good idea before it gets its tentacles in, but are there any gotchas if I do?
Also, maybe the whole Android System SafetyCore topic needs its own article?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
