That Pesky Rogue Developer
certainly gets around
Android and iOS phones transmit telemetry back to Google and Apple, even when users have chosen not to send analytics data. In a recently released research paper, titled "Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google" [PDF], Douglas Leith, chairman of computer systems in the school of …
Yeah, nothing tcpdump and wireshark haven't told me in ages. There should be serious punishment meted out for such flagrant violations of privacy and trust.
I would even go along the lines of the French tax model where they pay for the judiciary to appoint offices to supervise their operations and ensure that they comply with the relevant laws. This bullshit that it was a rogue developer or some misunderstanding or we were just "testing" is complete and utter bullshit. I am sick and tired of meaningless fines and/or orders for mandatory training. Change the law to allow supervision from within and you will see compliance immediately.
I don't believe that the GSM protocol requires that any data be sent to the original device manufacturers, only the networks.
That said, many people might have more trust in Apple's business model (seeking to retain lucrative customers for decades by selling them hardware) than they do the confusopoly of the network operators.
Also, a lot of people are glad of the Find My iPhone service that wouldn't work if a bag-snatcher could easily disable telemetry.
Yes, it shares my IMEI and SIM information with my network provider: not Google or Apple. They already know exactly who I am and where I live, and they gave me the SIM, so there are no surprises for anyone there. Yes, they know which cell I'm in at any given moment, but I don't have a problem with that – if I want to use a mobile I have to accept that this (extremely basic) information will be shared with the network, and they will not be sharing it with anyone else (barring law enforcement requests) or using it to advertise at me. As for a UUID, no. It's a Nokia 105.
So what's with the downvote hate, people? Are you objecting to my choices, or the fact that I'm not surprised at how much people's devices are tracked?
Not sure why the downvotes, but in my case I'm not differentiating between sharing with the manufacturer, and sharing with the network provider.
In my case I trust Apple a hell of a lot more than my network providers, who between them have done everything they possibly can to destroy any concept of 'relationship' they ever had with me. Lock-in, dodgy billing, extra mandatory 'services' and 'value layers' that were neither needed nor wanted, sneaky-bastard handset customisation and firmware mods (then denying it was them when the manufacturer refused warranty*) and so on.
*Dubai. Network provider modified the firmware on my new iPad to remove iMessage and FaceTime, no mention of this on the retail packaging, Apple said it was effectively a second-hand product as a result of the mods and initially refused a warranty replacement, but to give them credit they did eventually agree to replace as it was clearly a misrepresentation by the shop that sold it.
Wow, okay. Living in Dubai, I guess you have way bigger surveillance issues to worry about than Google's or Apple's snooping. That sh#t is pretty f#cked up. And that's entirely aside from the UAE's ongoing general human rights abuses. Not a country I intend to ever live in. Or even visit.
The whole Middle East is rife with this behaviour, because they're all shit scared that the Arab Spring that took down Tunisia, Algeria, Egypt and Libya will come home to roost in their own backwaters. Saudi Arabia keeps bribing its population with more and more things just to keep this pesky 'catching up to the West with personal freedoms' thing at bay, and various others (Qatar, Bahrain) try to buy their way out of any of their problems by spending *loads* of moola on Formula 1, World Cups and the like... "But look, we're civilised and nice and Western, honest!"
Dubai in particular has managed to pull the wool over the eyes of the Western world with its glitzy, glam lifestyle theatre (including the Burj Khalifa and what not), and counts on all those people who visit and have a good time counteracting those who look behind the pretty picture to discover migrant labourers being treated like crap, and certain old habits still being very much present (including the ruler of Dubai keeping several of his daughters under lock and key after kidnapping them). It is interesting when a wife of said ruler shows up at Heathrow claiming political asylum and goes to court in London for a restraining order, and it all causes a massive stink in the circles of the British aristocracy and British horse racing. Suddenly the all-benevolent and all-magnificent ruler doesn't look so benevolent and magnificent after all.
So yeah... I've avoided flying with any Middle Eastern airline (despite their absolutely fantastic on-board service) for at least a decade and a half (knowing what I do about how the Middle-Eastern staff treat their Western colleagues), I refuse to travel to or via Dubai, Doha or Abu Dhabi, and will avoid services/companies closely connected to the ruling regimes there. I'm sorry, not sorry, but I'll spend my money with companies and services closer aligned to my moral compass.
They said the estimate was "off by an order of magnitude" - but they didn't say in which direction.
What I want to know is whether all this slurpage still takes place if mobile data is switched off.
What really irks me is that mobile data is expensive - all this slurpage is being done without my consent and on my dime.
"They said the estimate was "off by an order of magnitude" - but they didn't say in which direction."
The "off by an order of magnitude" seems to be referring to the 1.3TB. Up an order makes it 13TB. Down an order "only" takes it to 130GB. Even 130GB per day is a not insignificant amount of slurpage.
Also, what of those individuals on very low data tariffs? I'd expect those people in particular to want all slurpage turned off and will have actively hunted down all possible ways to turn off and refuse this wasted use of their limited data plan.
I did especially like Google's justification of saying that car companies do this too. "Look sir, the other boys are doing it too!" isn't a good excuse for being a shit.
>Google does not deny the slurpage, only the alleged quantity; which still works out to double that of the fruity lot.
I suspect Google are just being lazy compared to Apple.
Take that basic set of information: "The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number":
IMEI: Globally unique 15-digit code
Hardware s/n: variable, but for Huawei it's 16 alphanumeric characters - assumed to be unique to the manufacturer.
SIM s/n: ICCID is 19 or 20 digit globally unique number
IMSI: 15-digit number which uniquely identifies the subscriber.
Given that for the majority of people all of the above will remain constant for the duration of a contract, it makes sense to condense. There is only really a need to actually communicate one globally unique identifier and a flag to indicate no change to any of the others since the last transmission. This measure on its own has the potential to reduce the volume of data transmitted by 75%.
I would not be surprised if, applying similar considerations (a lower frequency of status updates, and only reporting changes since the last report), you could quite quickly reduce that 1MB every 12 hours down to something approaching Apple's figures.
Also worth noting that this is news*: Google (& Apple) haven't been exactly forthcoming with what they do which would seem a bit strange if this is supposed to be normal, expected, above board etc. as Google insists (now that they have been caught with hand in the cookie jar).
* I suppose many of us suspected as much; I'd say confirmation is still news.
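The "one identifier plus a changed flag" scheme sketched in the comment above, as an added illustration (not code from the paper, Google or Apple): the device keeps a salted digest of the secondary identifiers and only re-sends them when the digest changes. The identifier values and the message format are constructed for this example.

```python
"""Delta-style identifier reporting: send the primary identifier every time,
the rest only when they have changed since the last transmission.

The identifiers below are constructed sample values (not real devices or
subscribers) and the JSON message layout is invented for this example.
"""
import hashlib
import json

# Constructed sample identifiers, shaped like the ones listed in the thread.
SAMPLE_IDENTIFIERS = {
    "imei": "490154203237518",       # 15-digit IMEI
    "serial": "ABCDEF0123456789",    # 16-character hardware serial
    "iccid": "8944123456789012345",  # 19-digit SIM serial (ICCID)
    "imsi": "234150123456789",       # 15-digit IMSI
}


def _encode(obj):
    """Compact, deterministic JSON so message sizes are comparable."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def full_report(ids):
    """Naive scheme: every identifier is sent in every report."""
    return _encode(ids)


def fingerprint(ids, salt):
    """Salted digest over the secondary identifiers. It stays on the device;
    a later run compares digests to detect a change without re-sending values."""
    h = hashlib.sha256(salt)
    for key in sorted(k for k in ids if k != "imei"):
        h.update(key.encode())
        h.update(b"=")
        h.update(ids[key].encode())
        h.update(b";")
    return h.hexdigest()


class DeltaReporter:
    """Emits the IMEI plus a 'changed' flag; the other identifiers are included
    only when the on-device fingerprint differs from the last one reported."""

    def __init__(self, salt):
        self.salt = salt
        self.last_fp = None

    def report(self, ids):
        fp = fingerprint(ids, self.salt)
        if fp == self.last_fp:
            msg = {"imei": ids["imei"], "changed": False}
        else:
            msg = {
                "imei": ids["imei"],
                "changed": True,
                "details": {k: v for k, v in ids.items() if k != "imei"},
            }
            self.last_fp = fp
        return _encode(msg)


def savings(ids, n_reports):
    """Compare total bytes for n_reports with unchanged identifiers.
    Returns (naive_bytes, delta_bytes, fraction_saved)."""
    naive = len(full_report(ids)) * n_reports
    reporter = DeltaReporter(salt=b"constructed-device-salt")
    delta = sum(len(reporter.report(ids)) for _ in range(n_reports))
    return naive, delta, 1 - delta / naive


if __name__ == "__main__":
    naive, delta, frac = savings(SAMPLE_IDENTIFIERS, 10)
    print(f"naive: {naive} B, delta: {delta} B, saved: {frac:.0%}")
```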
Google said....
"Modern cars regularly send basic data about vehicle components, their safety status and service schedules to car manufacturers, and mobile phones work in very similar ways," the company's spokesperson said. "This report details those communications, which help ensure that iOS or Android software is up to date, services are working as intended, and that the phone is secure and running efficiently."
A classic piece of whataboutery and entitlement. One, we're speaking about phones, not cars, Google. And as far as I am concerned what car manufacturers do is not acceptable either! Car manufacturers take a damn sight more than that and in my view nothing should be sent back from my car full stop. The same as in a perfect world nothing would be sent back from my phone, computer, television, HiFi amp, Blu-Ray player etc.
It does need knocked on the head, unfortunately too many members of the public give it "nothing to fear, nothing to hide" and cannot see what the fuss is about.
As far as I am concerned once you have bought a product, the manufacturer loses all tie and rights to that product. My device, my data etc. It is not there for a manufacturer (or OS creator) to use as a money-making exercise, a way to avoid paying for test environments, or indeed global domination. Unfortunately it's so ingrained in people now, they see it as normal, something that 15-20 years ago would have required covert surveillance, rifling through your possessions in secret, and any other activities that would have had a regular person convicted under current stalking laws, or at the very least placing someone under fear or alarm. It's gone too far, can it ever be turned around now?
I was talking to a coworker of my wife last week about this and he was totally oblivious of these issues, his attitude was “whatever.,, I don’t care, it’s nothing”. And that is exactly the attitude of the general public. They simply don’t give a sh$&. There is no hope of this changing while the general population really don’t give a fuck. It will take a massive data breach, globally, where there are severe financial consequences for the public before this becomes an “issue”, and even then, the guilty will just roll out the boilerplate bullshit of “we value your privacy...blah blah blah”. The only solution is regulation but that’s not going to happen any time soon unfortunately.
Don't forget, we have the best government money can buy. And who has more money to bribe ... er "lobby" politicians? Not you or I. Who has enough money to hire many expensive lawyers? Not you or I. You don't bite the hand that feeds you.
It would take an outrage so great that the politicians cannot ignore it before anything will happen. But for the issue of privacy, far too many have the "meh" attitude. The best thing you can do is block it, using Blokada or Pi-Hole.
"This report details those communications, which help ensure that iOS or Android software is up to date"
If this data is so important for keeping the OS up to date, how come my phone is still running Android 8.1? For that matter, given that I get (or more accurately, don't get) OS updates from the phone manufacturer, exactly what use would this data be to Google?
You're so lucky! I run 6 point something and the phone's 3-4 years old or so (with a resounding "no!" from the provider re. system updates beyond that 6.0.1), and on my other phone, Android 4 point something (which is actually cool (looking)).
Basically yes. You don't have to sign in if you want to use it as a phone. You'll get the Apple apps, including browser, can use it as a phone, get OS updates, all that. If you want to install apps though, you'll need to sign in. It could be worse, like Chrome OS, but it is limited without an account.
With Google getting into the CAR OS business (Volvo's etc) you can expect an awful lot more data collection. I would not put it past them to facial recog all occupants of the vehicle for each and every trip. They'll know all about you and them and then start sending targeted ads to the car.
That's only the tip of the iceberg I'm afraid.
Indeed it is. In practice it will take complaints to DPAs, meaningful action by them* and then the cases dragging through courts for years. Apparently the potential fines - although substantially increased with the GDPR - still aren't large enough; otoh, I suppose consequences years in the future don't seem too bad, especially when they don't affect those making the decisions directly (and when the same are likely to keep and enjoy whatever bounty they got as a result of said decisions even if shareholders eventually do suffer a loss).
* unfortunately this is hardly guaranteed, case in point:
https://noyb.eu/en/dpc-cancels-parliamentary-hearing-eu-us-transfers
(latest in the Irish DPC's epic labours to avoid doing anything meaningful in the 7.5 year old Schrems vs Facebook case)
Fines mean nothing. Fines come out of the corporation's petty cash. It is a line item on a spreadsheet.
What needs to be done is prison sentences for those responsible for the tomfoolery. If it means putting CEOs and Board members in prison for lengthy periods of time, so be it.
After all corporations are persons and these people represent and control the corporation. Laws for corporation persons need to be the same as laws for you and me.
> Oh, so slurping less is acceptable to you ? You accept nosey, but too nosey is too far ?
It's a concept called nuance. Being dogmatic is bad for the head.
We do it all the time - police officer is welcome to see my driving documents, but not my health records. Phone company by necessity can see my location, and can be subpoenaed in some jurisdictions.
It would be impossible for companies to provide us with goods and services if they had zero data about their market.
I agree that data slurping has gone too far, but the way out of it must include some sensible debate instead of knee-jerk absolutism. Because knee-jerk absolutism has achieved little in the last twenty years.
"Because knee-jerk absolutism has achieved little in the last twenty years."
Or forty, most of which I can remember. (I'm not counting my first orbit for sake of a large, round number.)
Trying to argue subtleties against knee-jerkers would make me lose ALL my social-media friends... if I paid more attention to social-media and actually tried to argue reason and nuance.
We all understand communication is important to relationships, be they transactional/professional or deeply intimate and everything in between -- man is a social creature, after all. But technology is now creating, storing, and sharing information outside of our direct awareness at a speed too fast for our limited wetware (as an AI in one webcomic put it: "MEAT IS TOO SLOW"). That lack of direct awareness causes many to resign to apathy and others to paranoia -- both resorting to their own dogma -- and thus nuance dies.
The only reason the fruity team slurp less data is that they already know what the hardware is and how it handles the workloads; they made it and sold it to you.
The choc factory has to collect the info, as 90% of the time you didn't buy the hardware from them, and have to sign your life away for a bit of shiny, hardware and software lock-in and a premium for old ideas.
Apple hasn't had an original idea, since Jobs passed.
You mean like the one Pine64 is working on? They've gotten their phone's communications chip to run mainline and a few parts of the system work already. If you're willing to live with the blob on the chip, their device also isolates it so it can't access anything in system memory unless the main system sends it. But as said above, the information the GSM standard gives away is really tiny compared to what the phone manufacturers are getting. Also, the information the GSM standard requires is used to provide a service to me, I understand what it is, and most of it is actually required for the service to work. The data collected by manufacturers doesn't meet any of those requirements.
Just confirms that having a phone and carrying it around with you pinpoints your exact location to anyone who's interested (pick your TLA or Corporation of concern) and that they can track your every move (and those of the people around you), even if you think you're opting out. Nothing new in that revelation. The details mentioned in the article however did pique my interest.
It mentioned that complete MAC and IP addresses (along with other such identifying data) were being returned. It goes on to say that the companies responded that they need this information in general to monitor the performance (in a wide sense) of their product. It would seem to me that they could collect incomplete data for such items, such as a MAC address of 00-26-DD-XX-XX-XX, and it would fulfill that brief. It would confirm that the phone is connected (or any other monitored function) and that it is working nominally without sending to the mother ship any personally identifying data. Should we suggest this :) Pipe dream I know...
I suspect they're collecting MACs to allow for the phone to get location data when it can't receive any GPS satellites. Google has been doing this for years -- their initial database came from wardriving, but now they just update it from people's phones as they move around. Sometimes if your GPS signal is weak you can see your position jump abruptly as you move out of one WiFi network's range and into another's.
"It would seem to me that they could collect incomplete data for such items, such as a MAC address of 00-26-DD-XX-XX-XX, and it would fulfill that brief."
I've been reading the comments up till here... and am kind of surprised that, even here, another, IMHO crucial and basic point is missed. To reuse a phrase known for another "intrusive" (please forgive me the huge understatement) societal problem:
NO means NO.
What is not clear about that? The user said no to telemetry to begin with. Made use of that so often referred to privilege: choice. Ticked the NO box...
And thinking about where that phrase comes from, and the "sure, but a little is OK/ needed" comments here... So if I say NO, still doing it because you (think you) can justify it so well for your use case, makes it OK?
The mobile telcos collect all the basic shit anyway, so they can track your phone activity as part of the billing process. If the phonemakers of this world were banned from collecting it, they'd just do deals with the telcos along the lines of "spill us the shit or our next OS release will crash on your networks, here's some $$$ (a tenth of what we currently spend on spyware/exploitation dev) to help focus your minds. Oh, and you license us to sell it on, got that?"...
... OMG, they already have?
I work for a computer hardware company. I'd love every server we ship to dial home with telemetry about how reliable the product is. This would allow me to improve things. By default - zero information comes back, you can opt-in if you like. That's how it should be.
Why should a mobile phone be any different, especially when it actually costs the poor user $'s to do so.
If you use the ios find my device feature how do you think it is going to work if it doesn’t transmit data back to the central servers with its location? I assume something similar is available on Android?
And as others have said, your phone is constantly pinging location requests back to the telecoms provider, otherwise you wouldn’t be able to receive any calls.
If you don’t want to be tracked with a mobile, leave it at home. It always amazes me when watching crime documentaries that criminals go out with the intention of committing a crime and with their mobile in a pocket broadcasting their location.
The article specifies that they were looking at collection when there is no account signed in. In order to use the feature that finds a lost device, you need to associate the device with an account and access that account to get the data. By definition, they did not have that feature enabled and it sent data anyway. If the data was only sent when people had requested that service, it would be different.
It's used to implement security features, stub app detection, wallet storage and anti-theft. In Apple's case, even when Find My iPhone is disabled, there is still the supporting infrastructure needed for App Clips and such to work. In the case of Android, Google do a lot of processing off-device, like scanning installed APKs even if they’re built in, to ensure nothing has been tampered with. This paper doesn’t do a lot to find out why data is being sent and could have benefitted from doing more research with manufacturer involvement.
"iOS shares additional data: [...] the Wi-Fi MAC addresses of nearby devices, specifically other devices using the same network gateway."
First problem: why in the world are they doing that? That's not helping with any of the device's features. Even if the device was communicating with those devices or detected them so the user can see them, there is no reason Apple has to know about them. There are several good reasons Apple should never know about them.
Second question: what happens if I put an iPhone on a network device which also has a raspberry pi programmed to authenticate with different MAC addresses every ten seconds or so. How much crap can I send through Apple's servers before they discount the data from that iPhone? Time to crank up the random number generator--there are 2^48 addresses I need to cycle through and I don't want them catching me in a pattern until they've gotten most of them.
Google (all 600+ addresses) is almost totally blocked by my firewall.
Apple is blocked apart from Saturday Mornings between 06:00 and 11:59. Everything seems to work fine
That's when I do my updates.
As of today, my firewall has over 120,000 blocked domains and IPs.
Pity that I can't take that firewall with me when I'm away from home.
You could VPN through your home network and get the firewall. There are a few other methods of doing that, but the VPN option is the one with the fewest security risks. I once considered just making my own blocklist a public though unadvertised DNS resolver, but since DNS resolvers can be used to DoS others, I didn't bother. Maybe I should set it up with DoT and DoH now.
Have you looked at DNS66 (from the F-Droid app store)? It sets up a local VPN connection to itself with a DNS filter list (default is the same as Pi-hole uses, but you can add your own) and allows you to specify your own DNS server too. It doesn't require root, but it will increase your battery use.
GDPR requires clear and explicit consent for taking and storing personally identifiable information. Google is taking, storing and processing personally identifiable information, as it is actually going out of its way to track you wherever and however you go. What I would like to see is where the clear and explicit consent to this is.
The French had a nibble at Google to the tune of €50 million for some advertising thing but that really did not go far enough. The EU need to grow a pair and tell them to stop doing it. The max fine is €20 million, but they can also:
- impose a temporary or permanent ban on data processing
- order the rectification, restriction or erasure of data
- suspend data transfers to third countries
Until they do one of the above they will just ignore everyone and carry on doing their thing.
Note the Lineage 14.1 which can be as Google-less an Android 11 as you want it
https://lineageos.org/Changelog-25/
Where's the consent ? Well Google would argue it's in the agreement you signed when you started using the phone. GDPR explicitly says that such shenanigans are no more valid than putting them in a locked cabinet in a disused lavatory with a sign on the door saying "Beware of the leopard".
But, for anything to happen, as mentioned further up, there has to be a complaint to the data protection authority in an EU country AND for that authority to take action (rather than expend a lot of effort in trying to demonstrate why they are not legally able to). It then drags on for years and years and years and years and ... you get the picture.
Just look at the Schrems cases to see what it takes.
"Note the Lineage 14.1......."
I take it you meant 18.1............
A number of other custom ROMs can be pretty much without Google if you want it, but you will still need some sort of firewall to stop the underlying firmware sending home - especially Xiaomi...
I don't currently have a google account registered on my phone and using microG and or other location back ends gives a little more privacy but I know it is still not ideal.
Leith notes that Google's analytics options menu includes the text, "Turning off this feature doesn’t affect your device’s ability to send the information needed for essential services such as system updates and security."
Firstly, for system updates and security, my phone doesn't need to send any data at all to anywhere. It can, occasionally, ping a server to ask what the latest available version is. It can then ping another server (not necessarily Google, could be the manufacturer) saying this is my model number, can you please send me the latest security or OS update that is supported for the model. Any data sent should be deleted as soon as the phone is updated.
You can add advanced options at the user's choice, requiring more data to be sent. But that is exactly telemetry. There needs to be an option to send nothing at all, even if it is at some cost to security. My device, my risk, but the choice has to be there.
Very little. The OS itself has cut the packages from Google which phone home to them. If you log DNS requests, for example, you'll find there are orders of magnitude fewer while the phone is in standby. Flashing it also wipes out the manufacturer's installations, some of which likely send telemetry as well. The comparison between the two is striking. While there are ways for tracking to persist even after Lineage has been flashed, that's a possible mechanism where you already have several guaranteed ones.
In all cases, it's a significant improvement. Of course, if you flash Lineage OS and then install Google's APKs so apps requiring Google Play Services work, they'll start to collect again. Also, you'll lose some of the Google-provided services. I value that in the pursuit of privacy, but it annoys people sometimes.
If one is somewhere that one does not want known (for reasons varying from simple privacy to paranoia to criminality), can one simply turn the phone off until needed? Or, if that is not enough, is there a box analogous to a Faraday cage that could be used to store the phone in until needed? So, the phone would "stop showing up" on cell tower data, then "show up again" later? Or are people too used to carrying the phone to simply leave it at home, do the crime/visit the secret paramour/just want to not be tracked, then come home and pick up the phone again?
Yes, just turning off the phone is probably good enough to drop you off the grid. If you're paranoid, you might not trust that and want to go further and remove the battery. The logging could show that you did that, indicating that you had taken a suspicious step, depending on how much analysis they wanted to perform on your data history.
Most of the time, it's just criminals being stupid. A lot of people who commit basic crimes just don't know very much about the risks they're taking. Some people still get caught with fingerprint evidence even though everybody has known for a century that they are left everywhere and police know how to use them. Given that there are criminals who don't bother to put on some gloves, it's probably not surprising that there are criminals who don't bother to leave the phone at home.
I only stole 500 quid off him, your honour, not 5K, as the 'honourable' gentleman claims! And no, I didn't 'burgle the house' as the claim goes, only went through his phone number and a few other bits, I mean, you can't call it THEFT, can ya?!