Whether you have an iPhone or an Android device, it continuously sends data including location, phone number and local network details to Apple or Google. Now a researcher has given a side-by-side comparison that suggests that while both iOS and Android collect handset data around the clock ̵
Both iOS and Android, said researcher Douglas Leith from Trinity College in Ireland, transfer telemetry data to their parent companies even when a user has not logged in or explicitly configured privacy settings to opt out of such collection. Both operating systems also send data to Apple and Google when a user does simple things, such as inserting a SIM card or scrolling through the handset settings screen. Even when idle, each device connects to the back-end server on average every 4.5 minutes.
Apps and more
It was not just the operating systems that sent data to Apple or Google. Preinstalled apps or services also established network connections, even when they had not been opened or used. While iOS automatically sent Apple data from Siri, Safari, and iCloud, Android collected data from Chrome, YouTube, Google Docs, Safetyhub, Google Messenger, the device clock, and the Google search box.
The table below shows a summary of the handset data sent to Apple or Google when the user is not logged in:
Where Android stands out, Leith said, in the amount of data it collects. At startup, an Android device sends Google about 1 MB of data, compared to iOS which sends Apple around 42 KB. When idle, Android sends about 1 MB of data to Google every 12 hours, compared to iOS which sends Apple about 52 KB in the same period. In the United States alone, Android collects around 1.3 TB of data every 12 hours. During the same period, iOS collects around 5.8 GB.
Google has disputed the findings, saying they are based on incorrect methods of measuring the data collected by each operating system. The company also claimed that data collection is a core feature of any Internet-connected device.
In a statement, a spokesman wrote:
We identified errors in the researcher’s method of measuring data volume and disagree with the paper’s claims that an Android device shares 20 times more data than an iPhone. According to our research, these findings depend on the magnitude, and we shared the methodology problems with the researcher before publication.
This study largely outlines how smartphones work. Modern cars regularly send basic data about vehicle components, their safety status and service plans to car manufacturers, and mobile phones work in very similar ways. This report describes the communication that helps you ensure that iOS or Android software is up to date, that the services work as intended, and that your phone is secure and running efficiently.
On the background (which means that Ars is not allowed to name or quote a spokesperson), the representative said that it is inaccurate to say that a user can opt out of all data collection of telemetry from Google OS. The check box for Android usage and diagnostics does not cover telemetro data that Google considers important for the device to function normally. Telemetry information collected, for example, by the Device Configuration service is required for updating and updating the operating system.
The spokesman also challenged the methods the researcher used to measure the amount of data collected by iOS. The experimental setup they used did not capture certain types of data, such as UDP / QUIC traffic, which is often transmitted by smartphones.
Apple representatives did not respond to a request for comment.
Collection around the clock
Leith performed his measurements using a Google Pixel 2 running Android 10 and an iPhone 8 running iOS 13.6.1. The iPhone was jailbroken using Checm8 exploit. Pixel had Google Play services enabled.
In general, the study, available here, measured the amount of data units collected:
- at first start-up after factory reset
- when a SIM card was inserted or removed
- when a handset was idle
- when the settings screen was displayed
- when the site was enabled or disabled
- when the user logged in to the pre-installed app store
Leith said the data collection from both operating systems is valid because it is easily linked to the user’s name, email address, debit card data and possibly to other devices the user has. In addition, the constant connections to back-end servers necessarily reveal the IP address of the device and by extension the overall geographical location of the user.
“Currently, there are few, if any, realistic options for preventing this data sharing,” Leith wrote.