Android and Google data sharing. Credit: Trinity College Dublin

The School of Computer Science and Statistics in Dublin, Ireland, has begun investigating how much user data iOS and Android send to Apple and Google, respectively. Overall, they discovered that, even when the devices are idle or minimally configured, each tends to share an average of 4.5 minutes' worth of data every day.

For instance, Apple and Google both receive the devices' IMEI, hardware serial number, SIM and IMSI, handset phone number and other items. Moreover, Android and iOS continue to transmit telemetry to their , even if the user specifically opts not to share this data. In fact, as soon as the user inserts a SIM card into either , corresponding user data beacons out to the parent companies of each.

Meanwhile, users have no way to avoid iOS devices sharing with Apple the MAC addresses of nearby devices—such as other handsets or home gateway—as well as GPS location. Indeed, these users do not even have to log in for the device to share their data. On the other hand, Google collects a much larger amount of data from nearby devices than Apple. As a comparison, Google receives about 1MB of data versus 42KB for Apple. While idle, the Android Pixel sends around 1MB every 12 hours, while iOS shares 52KB of data. Furthermore, Google even collects about 20 times more handset data than Apple, and the majority of users in the US have Android devices.

There are even additional features such as iCloud, Safari and Siri that send user data to Apple regardless of whether the user permits this activity or even knows their data is being shared. On Google Android, the equivalent apps transmitting such data are Chrome, YouTube, Google Docs, Google Messaging, Clock, Safetyhub and Google Searchbar. A big reason why these devices end up sharing so much data has to do with connection to the backend server which automatically updates on IP address. Once the company has an IP address, they can typically pinpoint a corresponding geographic location.

When asked about these privacy caveats and how they factor into user trust and safety, Apple has not yet commented. However, for its part, Google has responded regarding various mitigation options that are in the works. Still, so far, it seems users may have a while to wait for such mitigation.

Perhaps the spark of light in all of this remains the fact that any data sent between these devices and their parent companies must be encrypted.

More information: Leith, D. J., and Stephen F. "Measurement-Based Evaluation of Google/Apple Exposure Notification API for Proximity Detection in a Light-Rail Tram." PLOS ONE, vol. 15, no. 9, 2020, DOI: 10.1371/journal.pone.0239943

Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google, PDF: www.scss.tcd.ie/doug.leith/apple_google.pdf

Press release: sciencex.com/wire-news/3786414 … le-and-google-m.html

Journal information: PLoS ONE