According to a new paper from Trinity College in Dublin, data sharing habits aren’t what they claim to be.
A new report is calling smartphone privacy into question as researchers from Trinity College in Dublin showed that even when users opt out of tracking, devices are still riddled with unwanted trackers.
Even savvy users who have avoided sketchy apps and have followed privacy guides aren’t immune.
The smartphone privacy paper examined the data sharing habits of some of the popular app versions on Android, including those developed by Samsung, Huawei and Xiaomi. The researchers said that “with little configuration,” right out of the box, when Android smartphones were left idle, they were incessantly pinging device data back to the app developers and a number of other selected third parties. Moreover, there frequently was no way for the user to be able to opt-out of the data-pinging, even if they’d actively sought to.
The researchers pointed fingers in many directions in terms of blame. That said, they specifically looked to the “system apps” as being problematic. System apps are those pre-installed by the hardware manufacturer on a new device to provide a specific type of functionality. Common examples are camera apps and messenger applications.
The smartphone privacy issue in these cases stems back to the applications that come with the phone.
These apps are generally packaged in Android devices as a part of the device’s read only memory (ROM). This means that without rooting the device – something the average user is unlikely to do – it is impossible to delete or even modify those applications. Still, until that happens, a device will continue to constantly send data back to the parent company as well as several third parties. This will occur even when the user hasn’t ever opened the app sending the data.
There are certain developer rules Google – the Android OS creator – has in place to stop applications from being especially invasive. Though this doesn’t entirely protect smartphone privacy, it says that a developer is not permitted to connect a device’s unique ad identification with something more persistent, such as the IMEI of that device for any purpose related to advertising. Moreover, explicit consent is required by analytics providers who are permitted that form of linking.