Privacy of Android and iPhones

Privacy of Google Play Services:

  • What Data Do The Google Dialer and Messages Apps On Android Send to Google? We find that these apps tell Google when message/phone calls are made/received. The data sent by Google Messages includes a hash of the message text, allowing linking of sender and receiver in a message exchange. The data sent by Google Dialer includes the call time and duration, again allowing linking of the two handsets engaged in a phone call. Phone numbers are also sent to Google. In addition, the timing and duration of other user interactions with the apps are sent to Google. There is no opt out from this data collection. On foot of this report Google say that they plan to make multiple changes to their Messages and Dialer apps. (14th March 2022, accepted for SecureComm 2022)
  • The app data is sent via the Google Play Services Clearcut logger and Google/Firebase Analytics. The data is binary encoded, but we have reverse engineered much of the format used and posted details on github, including scripts for decoding captured data. Instructions for capturing raw data from your phone are given here.

It's Not Just Google That's Using Android OS To Watch What You're Doing:

Comparing Privacy of Android and iOS:

  • Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google, the first systematic study of data that iPhones share with Apple and directly comparing data sharing by Apple iOS and Google Android. (25th March 2021, updated 10th June 2021. Now published in Proc SECURECOM 2021)
  • You should be able to reproduce the measurements in this report yourself. I've created setup instructions. These are for a macbook plus iphone, but I'll add more later. Note that its necessary to use an older iphone in order for the jailbreak to work (I've used an iphone 8 and an iphone 6s).

Google's Federated Learning Tools Are Not Private:

Chinese Android Phones: