How Google harvested your data via Messages and Phone on Android without your consent

How Google harvested your data via Messages and Phone on

Google Messages and Google Telephone are two of the American giant’s most used daily applications on Android smartphones. And for good reason, they are natively installed on millions of devices around the world. Unfortunately for their users, these applications do not seem to respect the GDPR since they have obviously been used by Google to collect information without their consent.

In any case, this is what emerges from a study, identified by The Register. Led by Douglas Leith, a professor of computer science at Trinity College Dublin, it reveals that Google used its Google Messages SMS application and its Google Dialer phone application to collect and send data on users’ communications to Google services. Play, as well as the Google Firebase Analytics service.

Among the data that would have been collected in this way, Google would have got hold of the hash of messages sent, which allows it to link the sender and the recipient of a message, but also the times and duration of incoming calls and outgoing, which would again allow the American giant to establish a link between the sender and the recipient of a call. Google would have recovered the associated phone numbers.

The most problematic is that Google does not inform its users at any time of the collection of this data, and does not offer any solution to disable the collection of this information by its services.

In his study, the professor indeed noted that the preinstalled versions of these two applications do not include any privacy policy that could justify the collection of this data, even though Google requires it from third-party applications.
He also explains that the Google Takeout service, which downloads a copy of all the personal data that Google has on a user, oddly does not include the data collected by these two applications.

The study, however, explains that Google Play Services indicates that certain data is collected to limit fraud and for security purposes, but without ever detailing exactly what data is collected and how it is used.

Source: The Register, Douglas Leith

1n-tech