New study raises fresh privacy concerns about Apple and Google mobile phones

A new study published by Professor Doug Leith at the CONNECT Centre in the School of Computer Science and Statistics at Trinity raises fresh concerns about privacy features of the Apple iPhone and Google Android devices.

Key findings

  • Apple iPhones and Google Android phone share data with Apple and Google on average every four and a half minutes, even when the phone is not being used, such as when it is in a pocket or handbag. Such a high frequency potentially allows location tracking, even when location services have been disabled by the phone user
  • Apple not only collects data about a phone owner’s handset activity but also about handsets nearby. Apple can potentially track which people you are near to, as well as when and where
  • Apple iPhones offer no greater privacy than Google devices
  • Both iOS and Google Android transmit telemetry recording events such as insertion of a SIM and sending handset details such as the hardware serial number, IMEI, Wifi MAC address and the phone number, despite the user explicitly opting out of this
  • Users have no opt-out from this data collection and there are few, if any, realistic options for people to prevent this data sharing.

 

The full study is available to read here.

Commenting on the study, Professor Doug Leith said:

“I think most people accept that Apple and Google need to collect data from our phones to provide services such as iCloud or Google Drive. But when we simply use our phones as phones – to make and receive calls and nothing more – it is much harder to see why Apple and Google need to collect data. Yet in this study we find that Apple and Google collect a wealth of information in precisely that situation. It seems excessive, and it is hard to see why it is necessary.

“In particular, it is disappointing to see that so much handset data is being collected by Apple. I think iPhone users often believe that their handsets offer greater privacy than Android handsets, and certainly Apple themselves make great play of the importance of privacy. Yet our study finds that Apple collects pretty much the same sort of data as Google.

“Apple not only collects data about handset activity, but also about handsets nearby. When you use WiFi, the WiFi MAC addresses of other devices on the network are sent to Apple.  When the location toggle is enabled on the handset then the precise GPS location is also included. The WiFi MAC address identifies a device on a WiFi network and so, for example, uniquely identifies your home router, cafe hotspot or office network.  That means Apple can potentially track which people you are near to, as well as when and where. That’s very concerning.

“Apple and Google collect handset hardware identifiers such as the handset serial number and IMEI.  Whenever a SIM is inserted the handset sends your phone number to them, together with other details. If you log in to the Apple or Google app store, then that handset information becomes linked to your email and other personal details such as your credit card, web browsing history and so on, even if you later log out.  Even if you never log in, in many countries photo ID is needed to obtain a SIM and so the phone number is directly linked to you.

“Every time a handset connects with a back-end server it necessarily reveals the handset IP address, which is a rough proxy for location. The high frequency of network connections made by both iOS and Google Android (on average every four and a half minutes) therefore potentially allows tracking by Apple and Google of device location over time.

“While the privacy of mobile handsets has been much studied, most of this work has focused on measurement of the app tracking/advertising ecosystem and much less attention has been paid to data sharing by the handset’s operating system with the mobile OS developer.”