[ad_1]
As an operating system developed and fully owned by a company whose business model relies predominantly on advertising and user data collection, Android has developed a reputation for being less private and less secure than other operating systems, such as Apple’s iOS.
Despite being open-source, Android comes pre-bundled with a plethora of software both from Google itself and from other parties, including OEMs and carriers. These apps are most often impossible for the user to uninstall and also have wide-ranging privileges, including access to the whole device and user data.
Dubbed “bloatware”, most users may never use these apps and features, yet they are always there and can collect vast amounts of user data. Although data collection by bloatware has been generally known, the extent of such collection when the user doesn’t actively try to prevent or simply isn’t aware it hasn’t been previously explored.
A new analysis conducted by researchers at the University of Edinburgh has sought to examine the extent of data collection when the user does minimal configuration. The results of the analysis were quite revealing.
The researchers analyzed data sent by smartphones running six different variants of android or “skins”, namely OneUI, MIUI, RealmeUI, HarmonyOS offered by OEMs Samsung, Xiaomi, Realme, and Huawei respectively. Additionally, they also tested community-developed “privacy-focused” android variants LineageOS and /e/OS.
When devices running the above-mentioned variants of android were examined, with exception of the device running /e/OS, all the other variants sent significant amounts of data back to the developers, and third parties such as Google and other companies with pre-installed apps such as Microsoft, Facebook, and LinkedIn.
The researchers found that users had no way to opt-out of this data collection when setting up.
Xiaomi in particular was the worst offender and collected details of all app screens viewed by the user. Devices running MIUI also collected the timing and duration of how long an app was used by the user.
The researchers also found that some devices come preinstalled with the Swiftkey Keyboard as default. The keyboard sent usage details, such as text is written using the keyboard, as well as contacts back to Microsoft.
OEMs also collected device identifiers that made it impossible for users to opt-out of personalized advertising. These identifiers helped Google, Xiaomi, and Samsung to relink advertising identifiers, even after the user resets, thereby undermining user privacy.
Almost all third-party “bloatware” collected vast troves of data, with neither consent from the users nor did they provide an option to opt-out.
Cover Image: Shutterstock
[ad_2]
Source link