A study published by researchers at Trinity College examined the variants of Android that ship on Samsung, Xiaomi, Huawei, Realme, LineageOS and /e/OS phones. According to the results, even when the device is idle, a large amount of data on every variant except /e/OS is available both to the phone manufacturers and to the makers of other preinstalled apps, most often with no way to stop that data from being shared.
It should be noted that the research is based on the default versions of Android that come from the manufacturers, much less on AOSP ROMs, and not at all on devices that do not use Google services. Despite that, the results are relevant, in that the vast majority of users do not root their phones and do not change the OS.
The complete study is available at the following link: https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf
From the article:
Key findings from the study:
- With the exception of e/OS, all of the handset manufacturers examined collect a list of all the apps installed on a handset. This is potentially sensitive information since it can reveal user interests, e.g., a mental health app, a Muslim prayer app, a gay dating app, a Republican news app. There is no opt out from this data collection.
- The Xiaomi handset sends details of all the app screens viewed by a user to Xiaomi, including when and how long each app is used. This reveals, for example, the timing and duration of phone calls. The effect is akin to the use of cookies to track people’s activity as they move between web pages. This data appears to be sent outside Europe to Singapore.
- On the Huawei handset the Swiftkey keyboard sends details of app usage over time to Microsoft. This reveals, for example, when a user is writing a text, using the search bar, searching for contacts.
- Samsung, Xiaomi, Realme and Google collect long-lived device identifiers, e.g., the hardware serial number, alongside user-resettable advertising identifiers. This means that when a user resets an advertising identifier the new identifier value can be trivially re-linked back to the same device, potentially undermining the use of user-resettable advertising identifiers.
- Third-party system apps, e.g., from Google, Microsoft, LinkedIn and Facebook, are pre-installed on most of the handsets and silently collect data, with no opt out.
- There may exist a data ecosystem where data collected from a handset by different companies is shared/linked. Notably, the privacy focused e/OS variant of Android was observed to transmit essentially no data.
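
The re-linking problem from the finding on long-lived device identifiers can be checked for in traffic captured from your own handset. The following is an added example, not code from the study or the article; the hosts, field names and records are constructed, and it assumes the request fields have already been decoded (for instance from an intercepting proxy export).

```python
from collections import defaultdict

# Constructed sample records; hosts and field names are hypothetical.
CAPTURED = [
    {"host": "telemetry.vendor-a.example",
     "fields": {"ad_id": "aaaa-1111", "serial": "SN0001"}},
    # Same endpoint after the user reset the advertising identifier.
    {"host": "telemetry.vendor-a.example",
     "fields": {"ad_id": "bbbb-2222", "serial": "SN0001"}},
    # This endpoint only ever sees the resettable identifier.
    {"host": "ads.vendor-b.example", "fields": {"ad_id": "aaaa-1111"}},
    {"host": "ads.vendor-b.example", "fields": {"ad_id": "bbbb-2222"}},
]

RESETTABLE = {"ad_id"}                      # user can reset these
PERSISTENT = {"serial", "imei", "wifi_mac"}  # survive a reset


def audit(records):
    """Map each host to the persistent identifiers it received together
    with an advertising ID, and the advertising IDs seen alongside each."""
    seen = defaultdict(lambda: defaultdict(set))
    for rec in records:
        fields = rec["fields"]
        ad_ids = [v for k, v in fields.items() if k in RESETTABLE]
        for key, value in fields.items():
            if key in PERSISTENT:
                seen[rec["host"]][(key, value)].update(ad_ids)
    findings = {}
    for host, anchors in seen.items():
        for anchor, ad_ids in anchors.items():
            if ad_ids:  # co-collection: persistent ID sent with an ad ID
                findings.setdefault(host, {})[anchor] = sorted(ad_ids)
    return findings


def relinkable_hosts(findings):
    """Hosts where one persistent ID accompanied two or more ad IDs,
    meaning a reset was visibly tied back to the same device."""
    return sorted(h for h, anchors in findings.items()
                  if any(len(ids) >= 2 for ids in anchors.values()))


if __name__ == "__main__":
    result = audit(CAPTURED)
    for host in relinkable_hosts(result):
        print(host, result[host])
```

A host that appears in `audit()` but not in `relinkable_hosts()` is still collecting both identifier types; the capture simply does not span a reset.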