1. Home
  2. >>
  3. Google – Phone app and Messages send user data

Google – Phone app and Messages send user data


Google – Phone app and Messages send user data

Google is a data octopus, but it also does a lot for data protection and security. However, there are two apps, the Google Phone app and Google Messages, that have forwarded data directly to Google without the user’s knowledge.

Google Phone App and Google Messages – data exchange with Google

On Monday, The Register reported that Google’s Phone and Messages apps were collecting data and sending it directly to Google. All of this happened without user consent or an option to opt out (violating European data protection laws).

According to the research paper What Data Do The Google Dialer and Messages
Apps On Android Send to Google?” by Douglas Leith, Professor of Computer Science at Trinity College Dublin, both apps have sent data about user communications to Google Play Services’ Clearcut logging service and Google’s Firebase Analytics service.

The time and duration of other user interactions with these apps are also transmitted to Google. And Google offers no way to object to this data collection. Messages and the phone apps come preinstalled on over a billion Android phones.

Both preinstalled versions of the apps lack app-specific privacy policies that explain what data is collected. Google has long required this from third-party app providers. When a request was made via Google Takeout for the Google account data (the account was linked to the apps used), the data provided by Google for download did not include the observed telemetry data.

Both apps currently have links to Google’s consumer privacy policies on Google Play that are not app-specific and not necessarily apparent to those who receive the preinstalled apps.

With Messages, Google uses the message content and a timestamp, generates a SHA256 hash, which is then partially transmitted. Hashes are difficult to trace back, but in this case, according to researcher Leith, they could recover part of the message content.

Leith forwarded the results of his research to Google last November. Google confirmed on Monday that the results were correct and that they had worked together constructively and will continue to do so.

According to Google, the data collected has already been anonymized on the servers. Incoming timestamps were rounded to the nearest hour on the servers. To get even better at privacy, anonymization is now done right on the phone, so Google servers never have the exact data.

All improvements aimed at data protection were already rolled out in February via the Play Store with Google Phone App Version 75 and Messages Version 10.9.