Khám pháWorld

Two popular Google apps are silently tracking more than 1 billion users?

Trinity College computer science professor Douglas Leith has just published the study “Application texting and calling Google send data what about Google”. Accordingly, two messaging applications (Messages) and calling (Dialer) of Google sent users’ contact data to the Google Play Services Clearcut logger service and the Google Firebase Analytics analytics service.

Research shows that data sent from Google Messages contains a hash of the text message, allowing the sender and recipient to be linked in a message exchange. The data sent from Google Dialer includes the time and duration of the call, which also allows the listener and the caller to be linked in a phone call. The phone number is sent to Google.

In addition, Google also receives when and how long the user interacts with these two applications. Google does not give users a way out of being crawled.

Two popular Google apps are silently tracking more than 1 billion users?  - Photo 1.

(Artwork: The Verge)

Google Messages (com.google.android.apps.messaging) is installed on over 1 billion Android devices. It is pre-loaded on many smartphones of Huawei, Samsung, and Xiaomi. Google Dialer (Google flying phone, com.google.android.dialer) has a similar reach.

According to the study authors, the pre-installed versions of the apps do not have a specific privacy policy that explains the data they collect, which Google requires of third-party developers. Both lead to a link to Google’s user privacy policy, but do not apply specifically to the application and are essentially not clear to the pre-installed.

From the Messages app, Google took the message body and timestamp, generated a SHA256 hash, and passed part of the hash to Google’s Clearcut and Firebase Analytics loggers. It is very difficult to reverse the hash, but in cases of short messages, Mr. Leith believes it is possible to recover some of the message content.

Google Play Services discloses certain data that may be collected for security and fraud prevention purposes in order to maintain the Google Play Services API and core services, and for other services such as bookmarks or syncing. Phonebook. However, it does not clarify or explain the collection of the message content, or the listener-caller. “Very little detail is available about the actual data collected,” the report reads.

Mr. Leith himself was also surprised that Google applications collected this data. He presented his findings to Google in November 2021 and discussed with the Google Messages Technical Director the changes.

He suggested 9 things to change and Google has or plans to do 6, including stopping collecting sender phone numbers and hashes of incoming/outgoing messages in Google Messages. Google confirmed to The Register that the content of the report is completely accurate.

According to Leith, there are two bigger problems related to Google Play Services, which is installed on most Android phones outside of China. The first is logging data sent from Google Play Services tied to a Google Android ID, which is usually linked to a user’s real identity, so that data isn’t anonymous. The second is that we know very little about what data is sent from Google Play Services and for what purpose. His research may be just the tip of the iceberg.

You are reading the article Two popular Google apps are silently tracking more than 1 billion users?
at Blogtuan.info – Source: Soha.vn – Read the original article here

Back to top button