Google Collects 20 Times More Telemetry From Android Devices Than Apple From iOS (therecord.media) 113
An anonymous reader quotes a report from The Record by Recorded Future: Academic research published last week looked at the telemetry traffic sent by modern iOS and Android devices back to Apple and Google servers and found that Google collects around 20 times more telemetry data from Android devices than Apple from iOS. The research, conducted by Professor Douglas J. Leith from Trinity College at the University of Dublin, analyzed traffic originating from iOS and Android devices heading to Apple and Google servers at various stages of a phone's operation... [...] The study unearthed some uncomfortable results. For starters, Prof. Leith said that "both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this [option]." Furthermore, "this data is sent even when a user is not logged in (indeed even if they have never logged in)," the researcher said.
But while the Irish researcher found that Apple tends to collect more information data types from an iOS device, it was Google that collected "a notably larger volume of handset data. During the first 10 minutes of startup the Pixel handset sends around 1MB of data is sent to Google compared with the iPhone sending around 42KB of data to Apple," Prof. Leith said. "When the handsets are sitting idle the Pixel sends roughly 1MB of data to Google every 12 hours compared with the iPhone sending 52KB to Apple i.e., Google collects around 20 times more handset data than Apple." In response to the findings, a Google spokesperson said: "This research outlines how smartphones work. Modern cars regularly send basic data about vehicle components, their safety status and service schedules to car manufacturers, and mobile phones work in very similar ways. This report details those communications, which help ensure that iOS or Android software is up to date, services are working as intended, and that the phone is secure and running efficiently." The Android maker also disputed the paper's methodology, which they claim under-counted iOS' telemetry volume by excluding certain types of traffic, which Google believes resulted in skewed results that found Android devices collecting 20 times more data than iOS.
Apple echoed its rival's response. "The report conflates a number of items in relation to different services and misunderstands how personal location data is protected," an Apple spokesperson told The Record. "Apple is not collecting data that can be associated with individuals without a user's knowledge or consent."
Additional information about the findings can be found here (PDF).
In what jurisdiction? (Score:4, Insightful)
We need to know in what jurisdiction this happened.
In the EU the amount of data is probably a lot less because you have to opt in to everything. GDPR requires it.
Re:In what jurisdiction? (Score:4, Insightful)
I would love it if you were right - but I doubt that Apple or Google care; they probably point to some obscure bit of EULA that no one has understood. The consent must be informed and cannot require consent to data processing as a condition of using the service [gdpr.eu]. Google & Apple cannot claim that they did not know of these requirements - they are well publicised.
Basically the CEOs of Google & Apple should have their balls sued off for this - not Google & Apple but their CEOs, suing the companies will not change things, the CEOs losing their homes will.
Re: (Score:2)
Re:In what jurisdiction? (Score:4, Insightful)
Who pays for this data use? What if you have data turned off?
Don't tell me you're not aware that all those switches on your phone, which you think control its features (maybe except the airplane mode) are the same as the "close door" button in elevators, i.e. they're there just to give you satisfaction of feeling in control.
Everything, from camera to power-off/on can be overridden, except physically pulling off a battery (which is not that convenient in nowadays compact glued devices). It is the same with computers containing any Intel or AMD CPUs (this I know, not sure about others), there is a hidden core with full control of all the buses and components not detectable for the user and even kernel. EU showed the balls and trimmed corporate power; in the US it'll not happen, the big brother time is upon us and we paid for it.
At the moment corporations know where one's going, how often, mostly what one is reading/watching, how often, which parts are paused/re-watched, what one buys, when and where, what places one hovers more when browsing, what one's watching when looking at the phone (yes, that's the reason behind the auto-face unlock), soon even what's your reaction body (cardio, sweat, skin conductivity) to events, entertainment, people passing by, etc. with coming neural implants or (simpler) promoted basic thought readers to control devices (Facebook), they will even know basic thought patterns to places, people, events, etc. One can say - companies wouldn't do this - well, they would, and have: Sony rootkit, Lenovo overridden master certificate, random mike samples from phones (for "quality purposes") - examples are numerous. I keep having massive data transfers from my android, even over the paid bandwidth, once I called them - I spend the whole day chatting with numerous people, every single person I had to explain everything from the beginning, after which they had a list of the same misleading statements, after which they connected me to yet another superior and the whole story repeated - how much time an ordinary working person has for such BS?
Yes, I am overly cynical and dystopian here (maybe), I use these devices and I find them very convenient, but the reality is as it is.
Re: (Score:3)
I don't think anyone is claiming that these devices send this kind of information via cellular data while cellular data is turned off. They can easily store it, and send it later when they have a connection.
Re: In what jurisdiction? (Score:2)
Recommended book on Surveillance Capitalism (Score:3)
Only found your low-modded comment on the search for "surveillance". Frankly, your own "nerd" cred is in question. No Unicode on Slashdot, remember? Or at least you could pay attention to the Preview.
Reading around your gibberish characters, your technical point is confusing. Would you care to clarify? It would seem to apply only in the case of debugging problems, not continuously.
All in all, the FP thread was a disappointment, but I wanted to add mention of The Age of Surveillance Capitalism by Shoshana
Re: (Score:1)
Comment removed (Score:4, Interesting)
Know what pisses me off? (Score:5, Insightful)
The fact this is probably using MY data plan, which I pay for.
Re:Know what pisses me off? (Score:4, Interesting)
Who else's data plan would it be using?
The article says that a Pixel uses 1MB every 12 hours. That means 2MB per day, which would be 62MB over the entire month. In the US, 1GB of data costs approximately $8. So 62MB equates to about 50 cents per month.
Re: (Score:2)
Having RTFA, but not the paper itself, I cannot tell if it's using mobile data or exclusively wi-fi. I would suspect that it primarily/exclusively uses wi-fi, particularly based upon the chart where it explicitly indicates that Apple collects "Local IP Address" and "Nearby Wifi MAC addresses" and Google does neither of those, but does collect "Device Wifi MAC Address" whereas Apple does not.
Maybe DNS Sink It Away? (Score:3)
If vendors had limited telemetry to when wifi-connected, I wonder if it would be possible to break the upload process by using something like a DNS Sink [wikipedia.org] to kill the upload locations?
I use a couple of Raspberry Pi's and Pi-Hole [pi-hole.net] and it's really effective, even blocking embedded commercials from my SmartTV (a Samsung).
Re: (Score:2)
Who else's data plan would it be using?
The article says that a Pixel uses 1MB every 12 hours. That means 2MB per day, which would be 62MB over the entire month. In the US, 1GB of data costs approximately $8. So 62MB equates to about 50 cents per month.
Or, like I do, turn off cellular data while at home and use your WIFI.
I haven't used a byte of cellular data in over a year. I usually don't bother taking my phone with me when I leave the house. And my current internet connection doesn't have a cap.
My current cell plan is $14 a month with 1 free gig of data. So basically it's a phone.
Re: (Score:1)
Your use-case is the opposite of mine. I rarely need to use cellphone service while at home and only need it when I'm away. Can use landline and other computer devices while at home but those are not available to me when I'm away.
I appreciate having a cellphone with me in the event of any sort of car trouble or other emergency. There are many instances where I have been contacted while I wasn't home because my attention was needed right away and it couldn't wait for me to get home to get my messages off
Re: (Score:2)
Your use-case is the opposite of mine. I rarely need to use cellphone service while at home and only need it when I'm away. Can use landline and other computer devices while at home but those are not available to me when I'm away.
I appreciate having a cellphone with me in the event of any sort of car trouble or other emergency. There are many instances where I have been contacted while I wasn't home because my attention was needed right away and it couldn't wait for me to get home to get my messages off the answering machine.
For your situation of never taking your wireless phone with you, I would drop your wireless service and just use your home computer. Would save you $14/month.
I believe you misunderstood GP (or I did). I read that as they only use their cell phone as a cell phone (for calls only), and use Wi-Fi for data when at home or elsewhere.
Re: (Score:1)
Thanks but I got the idea he didn't take his phone with him when he left the house from this sentence, "I usually don't bother taking my phone with me when I leave the house."
Re: (Score:2)
Re: (Score:3)
The amount is irrelevant, it's the principle.
Re: (Score:2)
Assuming sanity limits have been implemented and are working correctly. Reminds me of people who got shocking bills on their metered Internet due to forced Win10 updates, or Teslas dying due to excessive SSD wear.
Don't get too comfortable with the idea that doing something in the background is okay as long as it's "non-intrusive". We've been fighting off crapware problems for decades and they just keep coming.
Re: (Score:3)
The fact this is probably using MY data plan, which I pay for.
Oh it's better than that. You also paid for the device which is explicitly designed to spy on you. You also pay for applications which are also designed to spy on you. Also, the entire ecosystem is designed so that you will pay to buy a new smartphone that will also spy on you every couple years. In fact, the only thing you've done with your smartphone is continually pay other people for the privilege of being spied on.
The only winning move (Score:2)
Re:The only winning move (Score:4, Insightful)
At a certain point people just accept it as being unavoidable. I myself am guilty of carrying a feature phone. I know my approximate location can be tracked at all times and I accept that as being unavoidable. I really wish at least one congressperson would fight to make it illegal to share that information without a warrant but here we are.
Re: (Score:2)
Absolutely any cellphone can be tracked using DTOA, if it can see or by seen by at least two cell sites.
Re: (Score:2)
Even if there is only one cell site you can still get an approximate location, it's just a larger area. However, when you exclude areas that would most likely have multiple cell site coverage, it drastically reduces the area of that approximate location. Apply basic logic using the direction you are heading and it's not hard to tell where you are.
It's possible to combat DTOA based detection but that's never going to be a feature for consumer grade products.
Re: The only winning move (Score:2)
Re: (Score:1)
Yes, which you bought, paid for, and use. You've got dozens of devices in your house that use electricity that you pay for when they're not on too. Grown adults who can't handle the idea of not being in 100% control of everything - a beautiful ideal with staggeringly annoying consequences in practice - is funny.
Re: (Score:2)
Yes, which you bought, paid for, and use. You've got dozens of devices in your house that use electricity that you pay for when they're not on too. Grown adults who can't handle the idea of not being in 100% control of everything - a beautiful ideal with staggeringly annoying consequences in practice - is funny.
Unfalsifiable argument, bandwagon and appeal to snobbery. Good job.
Re: (Score:2)
Android phones by default wait for a wifi connection before sending that kind of data, and doing stuff like cloud sync. You can adjust it in the settings but the default is to wait.
Re: (Score:2)
Both apple and Google are stealing users money. Apple much less so, apparently, and maybe more defensible. But even if Google is only stealing 50 cents, this could contribute to their already sizable exposure.
Re: Know what pisses me off? (Score:2)
Both apple and Google are stealing users money
Wrong.
Until Apple or Google become cellphone carriers, they are not stealing your money. They may be stealing your data; but not your money.
Re: (Score:2)
Re: (Score:2)
wifi costs money too buster
Considering the amount of "extra" data use, perhaps significant in the case of Android; with iOS, not so much.
It's not the volume (Score:4, Insightful)
It's the type of data too.
TFA says that Apple iOS sends your location, local IP address and nearby Wifi MAC addresses. So everything needed to track you with great precision, and build a database of Wifi APs in your location too. Google does not collect that data at all.
Some of the data is stuff you probably want too, like an anonymous ID used by Google's anti-malware tech. Apple relies only on removing stuff from its app store, which is helped by the fact that you can't install apps from anywhere else.
Re: (Score:2)
> "Google does not collect that data at all"
[Citation needed]
There was a rumour that the Street View cars listened out for and logged WiFi APs as they drove around every public street, thus tying them to GPS coordinates. It wouldn't surprise me if that was true. It also wouldn't surprise me if this happened with phones and tablets.
Google was sniffing wifi [Re:It's not the volume] (Score:5, Informative)
There was a rumour that the Street View cars listened out for and logged WiFi APs as they drove around every public street, thus tying them to GPS coordinates. It wouldn't surprise me if that was true. It also wouldn't surprise me if this happened with phones and tablets.
More than a rumor. Yes, Google's Street View cars were collecting wifi info as they went. https://www.bbc.com/news/techn... [bbc.com]
https://www.wired.com/2012/05/... [wired.com]
https://www.theregister.com/20... [theregister.com]
Re: Google was sniffing wifi [Re:It's not the volu (Score:2)
a deliberate 'mistake' [Re:Google was sniffing wi] (Score:4, Informative)
Sure, but that was a mistake and they were caught,
You mean: Google claimed that that was a mistake. After they were caught.
Fixed that for you.
The Wired article basically said "that 'mistake' was completely intentional." https://www.wired.com/2012/05/... [wired.com]
"one would have no idea from reading it [the Google statement] that the payload-slurping software was intentionally included and that project leaders had been informed, in detail, about the [wifi data-logging] software"...
and
"The unredacted FCC report refers to a Google "design document" written by an engineer who crafted the Street View software to collect so-called payload data, which includes telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files sent over open Wi-Fi networks."
In any case: it was not a "rumour".
punished, deleted the data and stopped collecting it. Basically someone left their packet collector logging everything instead of just the SSID.
For two years. With a software design document stating exactly what they were doing.
This here is data that Apple collects openly and continually as a matter of policy. Mistakes happen, this is deliberate.
You think Google is better because they tried to keep the fact that they were sucking up data secret??
(and, yes, they did try to keep it secret. They petitioned the judge to not release the court proceedings because it was "business confidential" information).
Re: (Score:2)
The Wired article is vague about the design document. If it really said "let's collect medical records" then surely there would have been jail time for someone.
Re: (Score:2)
Actually, no. Google wasn't "caught". Google out-of-the-blue announced to the world that they had discovered this mistake.
I know it's hard to believe, because most companies would simply try to sweep such a mistake under the rug and hope nobody would find out.
Re: (Score:2)
Actually, no. Google wasn't "caught". Google out-of-the-blue announced to the world that they had discovered this mistake.
So, I take it from this that you haven't read any of the articles about it.
Re: (Score:2)
Actually, no. Google wasn't "caught". Google out-of-the-blue announced to the world that they had discovered this mistake.
So, I take it from this that you haven't read any of the articles about it.
bgarcia is correct. Google self-reported the Wifi packet data collection, per the requirements of the FCC privacy consent decree Google was operating under (and still operates under -- which, BTW, makes most if not all of the privacy abuse that people commonly assume Google to be guilty of impossible). The fact that it was mentioned in the design doc doesn't mean management knew about it. Design docs are written by engineers and reviewed by other engineers, and for a small task like this one that review wou
Re: (Score:2)
Actually, no. Google wasn't "caught". Google out-of-the-blue announced to the world that they had discovered this mistake.
So, I take it from this that you haven't read any of the articles about it.
bgarcia is correct. Google self-reported the Wifi packet data collection,
Yep. They self-reported it. Nine days after being caught by the Data Protection Authority (DPA) in Hamburg.
Re: (Score:2)
Actually, no. Google wasn't "caught". Google out-of-the-blue announced to the world that they had discovered this mistake.
So, I take it from this that you haven't read any of the articles about it.
bgarcia is correct. Google self-reported the Wifi packet data collection,
Yep. They self-reported it. Nine days after being caught by the Data Protection Authority (DPA) in Hamburg.
Cite? I don't see how the DPA could even know.
Re: (Score:2)
Re: (Score:2)
Cite? I don't see how the DPA could even know.
From the google press release [blogspot.com]:
" Nine days ago the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that our Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect."
The "blog post on April 27 [googleblog.com]" that is mention
Re: (Score:2)
Thanks for the semi-correction. I had missed the DPA audit bit.
The DPA didn't "catch" them, DPA asked them for the data so they could audit, and Google discovered the problem when they retrieved the info to provide to the DPA. The DPA agreed that there was no ill intent on Google's part only negligence, which is why they only fined Google half of what they could.
Re: (Score:2)
Thanks for the semi-correction. I had missed the DPA audit bit.
The DPA didn't "catch" them, DPA asked them for the data so they could audit, and Google discovered the problem when they retrieved the info to provide to the DPA.
What, you think that the DPA just decided to audit Google for no reason? Maybe they were bored?
"Hey, Dietrich, I'm bored."
"Ja? Me too. I have it-- let's audit Google."
"Audit Google? Warum?"
"Warum nicht? Something to kill time."
Re:It's not the volume (Score:5, Informative)
> "Google does not collect that data at all"
[Citation needed]
There was a rumour that the Street View cars listened out for and logged WiFi APs as they drove around every public street, thus tying them to GPS coordinates. It wouldn't surprise me if that was true.
Google Street View cars do listen for WiFi APs as they drive around, creating/maintaining a geo-database of WiFi locations. Your phone actually uses this database to augment and refine location for Google Maps, etc., especially in dense city environments and indoors, where WiFi triangulation can be much more precise and reliable than GPS.
This is all known, intentional and well-documented, and creates no privacy problems. There was a related privacy issue, which was identified and self-reported by Google under the terms of the privacy consent decree that Google operates under (subsequent to Google's other major privacy faux pas, the Buzz thing). Specifically, the Street View cars were logging not just SSIDs and MACs, but also Wifi packet contents, which means potentially-sensitive user data from unencrypted Wifi networks. I'd argue that if someone is broadcasting plaintext they have no expectation of privacy, but Google opted to view this as a serious problem and it was the motivation for creating all of the privacy reviews that happen in all Google products now. The collection of packet contents had been added by the engineer that implemented the logging, but not as part of any product plan, and the data was never actually used for anything
It also wouldn't surprise me if this happened with phones and tablets.
I don't know for sure, but I also wouldn't be surprised if Wifi geolocation data is gathered from Android devices with location sharing turned on. It would make sense, to help refine the Wifi location database.
Re: (Score:2)
It's also not unique to Google, everyone is at it. Apple, Mozilla and there was even an open source effort... Wifi SSIDs seem to be considered like house numbers, public information that anyone nearby is free to observe and record.
Mozilla does offer an opt-out, but you have to change your SSID to end in _nomap.
Re: (Score:2)
Mozilla does offer an opt-out, but you have to change your SSID to end in _nomap.
Can't you just not broadcast your SSID? I thought none of these services were sniffing for SSIDs, only receiving broadcasts. Insofar as admitted, anyway. It seems to me like if you want to keep your SSID private, step one is not to broadcast it. That won't stop everyone, but it will stop the casuals.
Re: (Score:2)
Mozilla does offer an opt-out, but you have to change your SSID to end in _nomap.
Can't you just not broadcast your SSID? I thought none of these services were sniffing for SSIDs, only receiving broadcasts. Insofar as admitted, anyway. It seems to me like if you want to keep your SSID private, step one is not to broadcast it. That won't stop everyone, but it will stop the casuals.
You can stop broadcasting your SSID, but you can't stop broadcasting your MAC, and MACs are more useful for geolocation anyway. I'm not sure if SSID is even used, frankly.
Re: (Score:2)
Wifi SSIDs are explicitly designed to be like that. You're broadcasting an ID. There's also an option to turn it off.
Re: (Score:2)
TFA says that Apple iOS sends your location, local IP address and nearby Wifi MAC addresses. So everything needed to track you with great precision, and build a database of Wifi APs in your location too. Google does not collect that data at all.
Wait, what? They do if you have location services turned up to 11. That's literally how Google provides location services without GPS, collecting that data. You can turn it off, though.
Re: It's not the volume (Score:2)
Funny, through an odd quirk in the way you've phrased your comment it reads like Apple are the ones who's business is based 100% on knowing as much information about you, your whereabouts, your likes, dislikes, connections with others, etc, and not Google.
Re:It's not the volume (Score:5, Informative)
It's also worth noting that Google actually needs a lot more telemetry, because the team at Google who builds Android doesn't build the devices. We (I work on Android at Google) throw the code over the wall to Android device makers who proceed to modify our code in a variety of ways, then put it into devices and sell the result. We don't get to test the final devices, OEMs run a test suite that we provide then give us the results, and that's the basis for approving their builds. But they run the tests on a small number of "golden" devices, which are representative of the production devices they build, but are a tiny sample, in a lab environment, running a test suite. Very artificial.
Apple, in contrast, makes all iOS devices. They know exactly how they're built and what code is running on them. They can make "dogfood" builds that implement massive telemetry (well beyond what anyone would put in a consumer device) and deploy those to their employees, with employee permission. Google does the same -- but only with Pixel devices, and that doesn't help us understand the broader ecosystem.
It should be no surprise to anyone that Google collects a lot more telemetry than Apple. We have to, because we not only need to understand how the system is used and what's working well and what's not, but we also have to check up on the device makers, to ensure they're not messing things up with their modifications, in ways that our test suites didn't envision and so don't catch.
Of course, all Android telemetry has to be vetted by privacy engineers, and the software engineers are pretty careful as well. For example, I own the Android Keystore, which provides cryptographic services to the system and apps. Keystore gathers and reports metrics describing what kinds of keys apps use and how they use them, including algorithms, key sizes and other parameters, such as block cipher modes. It also gathers metrics on various kinds of failures. This is to help us understand what features are and are not being used and what sorts of cryptographic decisions app developers are making (largely so when we discover anti-patterns being used, we can get the developer relations team to help fix them, through documentation, tutorials and libraries). It also helps us identify patterns of failures that could indicate bugs that reduce reliability. This latter point is very important because prior to my taking it over, Keystore was notoriously unreliable [github.io].
What we do not collect is any information about the data processed by Keystore. We don't record message sizes and we don't record operation timings. This is because this information might provide a clue to the data contents being processed, and we don't want that. We do have performance tests, but they're part of the test suites. We're contemplating adding some logging of message sizes, because knowing whether apps encrypt/decrypt/sign large messages or small ones can help us to optimize the design, but if we do it we'll make sure it's very coarse (e.g. power-of-two buckets) and probably add some random noise. The noise will make it impossible to determine the actual (coarse) message sizes on any one device, but can be statistically removed on aggregated data to reveal broad usage patterns.
And, of course, anyone who wants to see exactly what we collect can look at the source code [googlesource.com]. (Note: That link is to the unreleased version of the code. If you want to see the current, deployed, code, it's in here somewhere [googlesource.com]. It's not so nicely isolated in a single file.)
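An added example, not part of the comment above and not Android or Keystore code: one way "power-of-two buckets plus random noise that is removed statistically in aggregate" can work. It assumes k-ary randomized response as the noise mechanism (the comment does not say which would be used); `NUM_BUCKETS`, `EPSILON`, the function names and the population are all constructed for illustration.

```python
import math
import random
from collections import Counter

NUM_BUCKETS = 16   # assumption: bucket 15 absorbs everything above 2**14 bytes
EPSILON = 1.0      # assumption: privacy parameter; smaller means more noise


def bucket(size_bytes):
    """Coarse size class: 0 for <= 1 byte, k for sizes in (2**(k-1), 2**k]."""
    if size_bytes <= 1:
        return 0
    return min((size_bytes - 1).bit_length(), NUM_BUCKETS - 1)


def _probs(epsilon):
    """Return (p, q): chance of reporting the true bucket / any one other bucket."""
    e = math.exp(epsilon)
    return e / (e + NUM_BUCKETS - 1), 1.0 / (e + NUM_BUCKETS - 1)


def randomize(true_bucket, epsilon, rng):
    """Device side: report the true bucket with probability p, else a uniformly
    chosen different bucket. A single report therefore says little about the
    device that sent it."""
    p, _ = _probs(epsilon)
    if rng.random() < p:
        return true_bucket
    other = rng.randrange(NUM_BUCKETS - 1)
    return other if other < true_bucket else other + 1


def estimate_counts(reports, epsilon):
    """Collector side: undo the noise in aggregate.
    E[observed_b] = n_b * p + (n - n_b) * q, so n_b ~ (observed_b - n*q) / (p - q)."""
    p, q = _probs(epsilon)
    n = len(reports)
    observed = Counter(reports)
    return [(observed.get(b, 0) - n * q) / (p - q) for b in range(NUM_BUCKETS)]


def simulate(seed=1234):
    """Constructed population of 200,000 devices, one message size each.
    A seeded PRNG keeps the demo repeatable; a real client would draw its
    noise from the OS CSPRNG (e.g. random.SystemRandom)."""
    rng = random.Random(seed)
    sizes = [1024] * 100_000 + [16] * 60_000 + [100_000] * 40_000
    true_buckets = [bucket(s) for s in sizes]
    reports = [randomize(b, EPSILON, rng) for b in true_buckets]

    true_counts = [0] * NUM_BUCKETS
    for b in true_buckets:
        true_counts[b] += 1
    raw = Counter(reports)
    raw_counts = [raw.get(b, 0) for b in range(NUM_BUCKETS)]
    return true_counts, raw_counts, estimate_counts(reports, EPSILON)


if __name__ == "__main__":
    true_counts, raw_counts, est = simulate()
    print("bucket  true    reported  de-noised estimate")
    for b in range(NUM_BUCKETS):
        print(f"{b:>6}  {true_counts[b]:>6}  {raw_counts[b]:>8}  {est[b]:>10.0f}")
```

With these parameters a device reports its real bucket only about 15% of the time, yet the de-noised column lands close to the true histogram because the bias introduced by the noise is known and subtracts out over many reports.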
The Big Difference (Score:2)
TFA says that Apple iOS sends your location, local IP address and nearby Wifi MAC addresses.
Yes, but with nothing to tie any of that back to you.
Meanwhile all of the data Google sends, is tied to you personally and probably some of it tied to anyone around you!
And... (Score:2)
Re: (Score:2)
If Apple is sending the IMEI then yes "BS". The IMEI and the IMSI is often used to spy on users. Do a quick google search for IMEI catcher [google.com]. So the IMEI is very much personal data.
D.
The main difference between socialism and (Score:5, Insightful)
I used to love smartphones (Score:1)
Everyone's doing it, so it's OK. (Score:1)
Modern cars regularly send basic data about vehicle components, their safety status and service schedules to car manufacturers, and mobile phones work in very similar ways.
Must be some expensive "modern cars" since a lot don't even have a cellular modem.
Re: (Score:2)
Some of them have one and don't expose it to the user. Loads of GMs and even Subarus (which can also have OnStar preinstalled) have the OnStar equipment installed whether you paid for it or not; there isn't much to it really. I haven't looked it up but I presume it just taps into the vehicle data bus (probably CAN, but it doesn't have to be) in order to gather the information it needs to know things about car condition. You could likely build the equivalent yourself by wiring together modules for under a hu
Holy Crap...It's even worse... (Score:5, Informative)
So, I read the PDF for a bit to get a better idea of their methodology, and it's even more concerning than I thought.
That number for Android phones is based on a Pixel phone, set up offline, with all the opt-out toggles set to the opt-out setting, and without signing into a Google account on the device. This amount of data is being exfiltrated from the phone even if one does everything reasonably possible to avoid giving Google data.
Seriously, the fact that it takes rooting and installing an AOSP ROM to opt-out of data collection, and that companies are allowed to lock bootloaders that make it nearly impossible to do even this much for dedicated individuals, is abhorrent.
Re: (Score:3)
Capitalism means it's all about money, and the fact that someone will pay for your data means someone will try to collect it. The failure of unregulated capitalism is that no one is held to account when this information is abused.
The broad majority of websites' rapid responses to laws like the GDPR and California's [rather more limited] privacy laws prove that the situation can be changed through legislation, or at least improved.
Re: (Score:2)
Re: (Score:3)
what would you propose as an alternative to capitalism?
Capitalism with more oversight, and effective laws in place to prevent or at least greatly retard corporate influence in politics.
Capitalism works pretty well, but the devil is in the details, and we need to tie up those loose ends because pretty well is not good enough when we're talking about externalities upsetting the relative ecostasis of the biosphere we all depend upon for life.
Re:Holy Crap...It's even worse... (Score:4, Informative)
Worth noting that they had to jailbreak the iPhone and root the Pixel in order to install their own certificate for a MITM attack on the encrypted data.
I don't know about iOS but Android certainly notices when you root it and does behave slightly differently, e.g. the OS verification system flags it up to apps that care like some banking apps and streaming video services.
Something else went wrong with the tests. Their data indicates that their location was identified as Dublin in Ireland. Ireland is a GDPR country and all optional data sharing defaults to off, but the paper claims that they saw it all default to on. I can confirm that when I set up my Pixel 5 not too long ago it all defaulted to off.
Android respects the user's choices, e.g. they opted out of location data and it did not send any. Apple iOS did send location data regardless of any opt-outs.
Re: (Score:3)
That number for Android phones is based on a Pixel phone, set up offline, with all the opt-out toggles set to the opt-out setting, and without signing into a Google account on the device. This amount of data is being exfiltrated from the phone even if one does everything reasonably possible to avoid giving Google data.
Seriously, the fact that it takes rooting and installing an AOSP ROM to opt-out of data collection, and that companies are allowed to lock bootloaders that make it nearly impossible to do even this much for dedicated individuals, is abhorrent.
Typically Google Play services can be disabled, which should stop the bulk of this; however, without root or a third-party ROM with app firewalling you are still basically fucked.
Personally what I find most appalling is the predatory behavior of Google Play services. In retaliation for disabling Google play even basic functionality like contacts and messaging apps continuously nag you to enable Google play even though they continue to provide basic functionality they are rendered effectively unusable due to i
Do phones queue data for sending? (Score:2)
I very seldom have either mobile data or WiFi enabled on my Android phone. I enable one of them when I need it, then immediately turn it off again. Is my phone queuing 'spy data' and sending it back to the mothership when I DO enable data or WiFi? I'm running CyanogenMod on a rooted phone with a firewall configured to disable as much Google crap communication as possible.
Apple is just better at data compression (Score:3)
Maybe Apple is just better at compressing the telemetry data?
Both collect data despite the user opting out (Score:2, Informative)
Bullshit excuse (Score:5, Insightful)
Car manufacturers do not need to know any of this. None. It is not the responsibility of car manufacturers to determine if someone installed a non-OEM part or if the person has been maintaining their vehicle. If Google is claiming this is the reason for car snooping then car manufacturers should operate in the same manner as Google: updating of components free of charge.
But that's not what Google is trying to claim. All they're claiming is car manufacturers do it so we can too. Which is a bullshit excuse since Google is not trying to see if a person's phone is updated or has issues but rather, what is the person looking at? Where are they near? Can we sell this information to someone? All without asking the person's permission.
Re:Bullshit excuse (Score:4, Insightful)
It is not the responsibility of car manufacturers to determine if someone installed a non-OEM part or if the person has been maintaining their vehicle.
The EPA says it is. That's the whole point of OBD. [epa.gov]
Remove your catalytic converter and install a "test pipe"? The "check engine" light will light up, and fail an inspection if one is required in your area. The only reason your car doesn't notify the authorities immediately is because the technology didn't exist when OBDII was developed.
Re: (Score:2)
Which is a bullshit excuse since Google is not trying to see if a person's phone is updated or has issues but rather, what is the person looking at? Where are they near? Can we sell this information to someone? All without asking the person's permission.
What you're alleging would be a violation of the Google FCC consent decree, and would cause Google to be fined and, more importantly, would be publicly disclosed.
Here's a more realistic view, from an insider (me): https://slashdot.org/comments.... [slashdot.org]
Well yeah... (Score:2)
The better question is, why is Apple collecting *any* telemetry data? I understand Google is spying on me in exchange for free software. It's why I can get a competent smartphone for $250 bucks. But the cheapest Apple is $400 unless I go refurb.
Re: (Score:3)
The better question is, why is Apple collecting *any* telemetry data?
Um, perhaps to see how well their phones are actually working under various conditions in the field. Ya know, the kind of data that really can't be determined until the product is out in the field...
And Apple may be a hardware-centric company. But every single one of their products above the cable and adapter level is running a lesser or greater amount of software, too.
Telemetry != Privacy Violation (Score:4, Insightful)
OMG, This is Slashdot! It's supposed to be a technology forum. Why do so many not understand that telemetry can be all kinds of things, much of which has nothing to do with your privacy.
For example, they could be sending data back on your cell signal strength so that ATT knows which towers need upgrades or where new towers need to be built. Or they send back data on which items in the settings screen are used the most so they can move those higher up on the UI. Etc. Etc.
Telemetry CAN be privacy violating, but it's not by default.
Re: (Score:2)
If it has the potential to violate your privacy because of the data being collected, then it's wrong.
If that sort of data collection is going on without the user being notified with clear and understandable language, then it's doubly wrong.
This sort of thing can be done while respecting privacy, but often isn't, whether intentionally or incompetently.
Re: (Score:2)
You're using the word 'could' a lot because you cannot actually make an assertion about how safe the data is to one's privacy. Think about it.
Re: (Score:2)
You're using the word 'could' a lot because you cannot actually make an assertion about how safe the data is to one's privacy. Think about it.
That's not the point and you know it. The article title says google collects more telemetry and infers that's a terrible thing for you! But without knowing what that telemetry is the truth is Apple could be way worse. It's just media sensationalism without hard data.
Re: (Score:2)
It's just media sensationalism without hard data.
Yeah? Okay so it's MORE data than Apple, you don't know what it is, and it's from a company that makes billions off ... data. But that's all sensationalism, let's glare solely at Apple.
Re: (Score:2)
let's glare solely at Apple.
That's not what I said, but you just go ahead and keep putting words in my mouth.
Re: (Score:2)
But without knowing what that telemetry is the truth is Apple could be way worse.
That's a very different statement than: "Amount of data does not directly correlate with sensitivity of data."
Re: (Score:2)
That's a very different statement than: "Amount of data does not directly correlate with sensitivity of data."
Ostensible
1: intended for display
2: being such in appearance : plausible rather than demonstrably true or real
Re: (Score:2)
Telemetry CAN be privacy violating, but it's not by default.
I see, so we should assume that none of it is privacy-violating?
Btw, most wired plans still have data caps. Aren’t they stealing from you?
Re: (Score:2)
Most of these things can be determined by communicating with your community and usability testing. However, it's far easier to sack the testing teams to save money, and nobody really cares what users want because the marketeers will figure out what the most profitable direction for the device is.
Telemetry isn't about making things better. It's just the lazy way of developing products when you seriously believe your users are stupid and don't know what they want, so it's not worth even trying to connect wi
Re: (Score:2)
It's supposed to be a technology forum. Why do so many not understand that telemetry can be all kinds of things, much of which has nothing to do with your privacy.
When it comes to consumer technology containing the word 'SMART' telemetry effectively means spying.
Imagine for example a heating plant collects pressure and temperature data from a specific boiler.
Google collects pressure and temperature data from a specific smart phone.
Same data collected in both instances, however the political implications are vastly different between the two. The content of the data is not a relevant factor; rather, it is the utilization and control of the data that determines privacy character
Re: (Score:2)
On the other hand, Use for Something Useful != Privacy Violation. Just because the telemetry might be used for useful things like planning out new towers and UI design, that doesn't mean that it can't violate people's privacy at the same time.
Google would like to sell you an IOT (Score:3)
Re: (Score:2)
That's because no one uses Apple Maps (Score:2)
300MB (Score:2)
Don't be evil is a euphemism for STBY (Score:2)
Yeah, all y'all who thought buying Android was either cheaper or a way to stick it to Apple, sucks to be you.
Re: (Score:2)
Telemetry CAN be privacy violating, but it's not by default.
You realize the study said that Apple collects more data types? You can fit a lot of privacy-violations in 86k/day.
Re: (Score:2)
Telemetry CAN be privacy violating, but it's not by default.
You realize the study said that Apple collects more data types? You can fit a lot of privacy-violations in 86k/day.
I could have brought my arrowhead collection! But I didn't... --George Carlin
Coulda, Woulda, Shoulda.
Prove that Apple is actually violating your privacy, or STFU.
Arrowheads or it didn't happen!
Somebody be lyin’ (Score:2)
1) despite the user explicitly opting out of this [option]
2) "Apple is not collecting data that can be associated with individuals without a user's knowledge or consent."
Wait, I know, the 27 pages of legalese == “knowledge and consent”. The “agree with this or your iPhone is a $1,400 brick” clause is “knowledge and consent” too.
Transparency (Score:2)
What's missing is transparency. I (partially) believe Google when they say the data is used to improve the device, ensure services are working, fix bugs, etc. But, if that's all it is sending, then there should be a detailed accounting of exactly what is sent, when it is sent, and why. Providing that data should not be a big deal at all if their response to this is truthful and accurate.
I work in third party risk and it's very interesting to see the massive difference between the assurance companies can e
Question: how much can be turned off (Score:2)
Re: (Score:2)
Only found your collapsed comment on the search for "solution". The idea of "solution" doesn't seem to have much relevance to Slashdot, does it?
Can't figure out what you think your solution means or what problem you are trying to solve. Care to clarify?