posted by martyb on Wednesday October 13 2021, @05:19PM

Android Phones Still Track You, Even When You Opt Out:

If you use an Android phone and are (rightfully!) worried about digital privacy, you’ve probably taken care of the basics already. You’ve deleted the snoopiest of the snoopy apps, opted out of tracking whenever possible, and taken all of the other precautions the popular how-to privacy guides have told you to. The bad news—and you might want to sit down for this—is that none of those steps are enough to be fully free of trackers.

Or at least, that’s the thrust of a new paper from researchers at Trinity College in Dublin who took a look at the data-sharing habits of some popular variants of Android’s OS, including those developed by Samsung, Xiaomi, and Huawei. According to the researchers, “with little configuration” right out of the box and when left sitting idle, these devices would incessantly ping back device data to the OS’s developers and a slew of selected third parties. And what’s worse is that there’s often no way to opt out of this data-pinging, even if users want to.

A lot of the blame here, as the researchers point out, falls on so-called “system apps.” These are apps that come pre-installed by the hardware manufacturer on a certain device in order to offer a certain kind of functionality: a camera or messages app are examples. Android generally packages these apps into what’s known as the device’s “read only memory” (ROM), which means you can’t delete or modify these apps without, well, rooting your device. And until you do, the researchers found they were constantly sending device data back to their parent company and more than a few third parties—even if you never opened the app at all.

Here’s an example: Let’s say you own a Samsung device that happens to be packaged with some Microsoft bloatware pre-installed, including (ugh) LinkedIn. Even though there’s a good chance you’ll never open LinkedIn for any reason, that hard-coded app is constantly pinging back to Microsoft’s servers with details about your device. In this case, it’s so-called “telemetry data,” which includes details like your device’s unique identifier, and the number of Microsoft apps you have installed on your phone. This data also gets shared with any third-party analytics providers these apps might have plugged in, which typically means Google, since Google Analytics is the reigning king of all the analytics tools out there.


  • (Score: 3, Interesting) by darkfeline on Wednesday October 13 2021, @07:26PM (7 children)

    by darkfeline (1030) on Wednesday October 13 2021, @07:26PM (#1186745) Homepage

    “with little configuration” and "even when you opt out" are mutually exclusive. I doubt anyone is surprised that by default smartphones send analytics data.

    The so-called "system apps" are just the versions of apps that come with the OS ROM. They can't be uninstalled, but they can be disabled or overridden. In fact, it is highly likely that you never run the version of the app that comes with the ROM because it is outdated. The reason they can't be uninstalled is that they come with the OS ROM, and the reason they come with the OS ROM is to ensure basic installs of the OS aren't missing crucial apps that users expect like the phone app (and for vendors to distribute their bloatware unfortunately). However, phones generally update their software during OOBE (out of box experience) so you would be running a downloaded and deletable Phone App v2.0 rather than the disabled and un-deletable Phone App v1.0 that comes with the ROM.

    --
    Join the SDF Public Access UNIX System today!
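
Added example, not part of the comment above or of the quoted article: a shell filter that reads `pm list packages -s -f` output and reports whether each system app's active APK is the copy shipped in the OS image or a downloaded update under `/data/app`, which is the distinction the comment draws. The sample listing and its package names are constructed.

```shell
#!/bin/sh
# Classify `pm list packages -s -f` output by where the active APK lives.
# Each line looks like:  package:<apk path>=<package name>
# Paths under /data/app/ can contain '=' themselves, so split on the LAST '='.
classify_system_apps() {
    while IFS= read -r line; do
        case "$line" in
            package:*=*) ;;
            *) continue ;;                 # skip blank or unexpected lines
        esac
        entry=${line#package:}
        pkg=${entry##*=}                   # text after the last '='
        apk=${entry%=*}                    # text before the last '='
        case "$apk" in
            /data/app/*) origin=updated ;; # downloaded update overriding the image copy
            /system/*|/system_ext/*|/product/*|/vendor/*|/apex/*) origin=image ;;
            *) origin=other ;;
        esac
        printf '%s\t%s\t%s\n' "$origin" "$pkg" "$apk"
    done
}

# Constructed sample input (package names are hypothetical).
sample_listing() {
    cat <<'EOF'
package:/system/priv-app/Dialer/Dialer.apk=com.example.dialer
package:/data/app/~~Qx3f9A==/com.example.camera-7Hk2Lw==/base.apk=com.example.camera
package:/product/app/VendorNews/VendorNews.apk=com.example.vendornews

package:/data/app/~~Zz81pQ==/com.example.messages-Ab12cd==/base.apk=com.example.messages
EOF
}

# Count classified lines with a given origin label ($1); reads stdin.
count_origin() {
    awk -F '\t' -v o="$1" '$1 == o { n++ } END { print n + 0 }'
}

sample_listing | classify_system_apps
```

On a device with USB debugging enabled, the same function can be fed from `adb shell pm list packages -s -f` instead of the sample.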
  • (Score: 2) by Immerman on Wednesday October 13 2021, @07:49PM (6 children)

    by Immerman (3985) on Wednesday October 13 2021, @07:49PM (#1186752)

    Do phones actually use ROM for anything more complicated than microcode? As far as I can tell everything is on flash, and is replaced when the OS is upgraded, which means preinstalled programs should be as easy to remove as on any desktop PC.

    Now *maybe* they install a read-only-mounted "disc-image" for the OS, rather than installing it on the same mutable file system as your personal data... but I haven't seen any evidence of that. In fact, one of the biggest recurring problems I've had on Android is having system logs growing to outrageous sizes (multiple GB) within the "locked" portion of the file system - depriving me of valuable space for my own data unless I either jail-break the phone or completely reinstall the OS.

    • (Score: 2) by Thexalon on Wednesday October 13 2021, @08:40PM

      by Thexalon (636) on Wednesday October 13 2021, @08:40PM (#1186771)

      If all is going to plan at least, nobody really knows what's on the ROM except people who have signed NDAs, because it's considered a trade secret, it's copyrighted, and most likely they've tried to patent the tools you'd need to read it so they can only be given to authorized personnel.

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 13 2021, @08:51PM (1 child)

      by Anonymous Coward on Wednesday October 13 2021, @08:51PM (#1186776)

      The base OS image is on a read-only partition. There is also a writable 'overlay' partition that holds software updates and log files. Not all system apps can be disabled, and some that can get re-enabled any time an update comes through. I have an Android phone whose manufacturer cheaped out by going with a Chinese OTA update provider and they forcibly installed the PRC's mandatory spyware, with no way to turn it off, despite that being a contract violation. By the time I figured out what the problem was it was too late to return it, so it sits on a shelf with the battery out.

      • (Score: 2) by Immerman on Wednesday October 13 2021, @09:25PM

        by Immerman (3985) on Wednesday October 13 2021, @09:25PM (#1186793)

        Sounds to me like a prime case to take to small claims court. Regardless of warranty, a clear contract violation puts you in a position to claim restitution, and small claims court is cheap, doesn't require a lawyer (though you might want to briefly consult one beforehand to get your ducks in a row, and make sure you actually have a case), and very, very often results in default judgements against corporations that can't be bothered to spend thousands of dollars of lawyer time over it (and that's just the round-trip flight).

        Or so I've heard. I've never resorted to it myself. IANAL, etc.

    • (Score: 2, Informative) by Anonymous Coward on Wednesday October 13 2021, @09:09PM

      by Anonymous Coward on Wednesday October 13 2021, @09:09PM (#1186784)

      No, there is no physical ROM.
      Yes, the OS lives on a partition mounted read-only in normal use (not during OS updates, obviously), /system. If you have root, you can remount it read-write at any time.

      The idea that logging, which necessarily involves a partition with write access, somehow suggests anything about the presence or absence of a read-only partition, is pretty odd in the first place. There's no reason to suppose they'd be on the same partition.
      But if that logging is depriving you of formerly usable space, then it must be on the same partition as your user data, and is very clearly not on any system partition whose read-only-ness might be in question.

    • (Score: 2) by darkfeline on Thursday October 14 2021, @12:21AM (1 child)

      by darkfeline (1030) on Thursday October 14 2021, @12:21AM (#1186831) Homepage

      As some ACs have already commented, the OS is on a read-only partition, protected by the bootloader which does have a secure chain of trust to hardware components that include actual ROM chips. In my post I used ROM in the sense of "installing a custom ROM" and not physical ROM chips.

      --
      Join the SDF Public Access UNIX System today!
      • (Score: 0) by Anonymous Coward on Thursday October 14 2021, @08:35PM

        by Anonymous Coward on Thursday October 14 2021, @08:35PM (#1187100)

        so they tell YOU they secured your communication device for you but in reality they secured their eavesdropping capabilities on your coms device, lol but sad :(