Following a slew of recent data-related incidents, digital behemoths like Apple and Google have begun to place a greater emphasis on customer privacy in their goods and services. However, a recent study article claims that Google’s Phone and Messages apps capture and send user data to Google’s servers without the user’s permission. While the technique poses a privacy risk to users, it may also be in violation of the EU’s General Data Protection and Regulation law.
Is Google Apps Infringing on Users’ Privacy?
Because they come pre-installed on most current Android smartphones, Google Phone and Messages are undoubtedly two of the most-used apps on Android. According to an in-depth research article titled “What Data Do The Google Dialer and Messages Apps for Android Transfer to Google?” by Trinity College computer science professor Douglas Leith, these apps collect and send user data to Google without the required authorization.
The apps mostly collect data related to user communications, such as the SHA256 hash of messages, the timestamps of those messages, contact information, incoming and outgoing call records, and call duration, according to the researcher. The apps submit the data to Google’s remote servers using the Google Play Services Clearcut logger service and the Firebase Analytics service. Google can even reverse the hash of brief messages to reveal their content, as Leith pointed out.
The research also discloses that neither the Google Dialer nor the Google Messages applications include any data collecting privacy policies, a practice that Google recently made essential for all third-party apps on the Play Store. This is somewhat hypocritical of Google and casts a terrible impression on the company.
These findings were first uncovered late last year, and Google was notified of the discovery. In order to prevent such behaviors, Leith advised that Google make some significant adjustments to their apps. Six of the nine improvements proposed by Leith have already been applied by Google.
Furthermore, Google clarified its data collection practices. The message hash is used to detect message sequencing problems, while the phone numbers are used to improve the automatic identification of one-time password messages delivered over RCS, according to the business.
To recall, Google, along with other Big Tech behemoths, has been in the spotlight in the past for illegally gathering user data. These internet behemoths have repeatedly violated customers’ privacy, whether through voice assistants or ad targeting. We eagerly await additional information on this. So, what are your thoughts on Google collecting data from users without their permission? Let us know what you think in the comments section below.
