Following various data-related controversies in the recent past, tech giants like Apple and Google started focusing a little extra on user privacy when it comes to their products and services. However, it’s not the case entirely, as according to a recent research paper, Google’s Phone and Messages apps collect and send user data to Google’s servers without user permission. While it is a privacy risk for users, the practice also potentially violates the EU’s General Data Protection and Regulation law.
Google Apps Violating User Privacy?
Google Phone and Messages app are arguably two of the most-used apps on Android as they come pre-installed in most modern Android devices. So, as per an in-depth research paper titled “What Data Do The Google Dialer and Messages Apps on Android Send to Google?,” computer science professor of Trinity College Douglas Leith uncovered that these apps collect and send user data to Google without the necessary permissions.
The researcher mentioned that the apps primarily collect data relating to user communications, including the SHA256 hash of messages, the timestamps of those messages, contact details, incoming and outgoing call logs, and call duration. Upon collecting the data, the apps use the Google Play Services Clearcut logger service and the Firebase Analytics service to send them to Google’s remote servers. Leith also highlighted the fact that Google can also reverse the hash of short messages to reveal their content.
The report reveals another key point that both the Google Dialer and Messages apps do not mention any privacy policies in terms of data collection, a practice that Google recently made mandatory for all third-party apps on the Play Store. This is sort of hypocritical of Google and puts it in a negative light.
These findings were initially discovered late last year, following which Google was informed of the same. Leith had also suggested some critical changes that Google should implement in its apps to prevent such practices. While Leith provided nine changes, Google has already implemented six of them.
Furthermore, Google provided some clarifications for its data collection practices. The company said that the message hash is collected for detecting message sequencing bugs, while the phone numbers are collected to improve the automatic detection of one-time password messages sent over RCS.
To recall, Google, along with other Big Tech giants, has been in the news previously for collecting user data without their permission. Be it via their voice assistants or for ad-targeting, these tech giants have time and again breached users’ privacy. We look forward to more details on this. So, what do you think about Google collecting user data without permission? Let us know your thoughts in the comments below.