Android data slurping measured and monitored Google's passive collection of personal data from Android and iOS has been monitored and measured in a significant academic study. The report confirms that Google is no respecter of the Chrome browser's "incognito mode" aka "porn mode", collecting Chrome data to add to your personal profile, as we pointed out earlier this year …
"The nature of some data may also surprise. App developers receive your age and gender whenever an app is launched, the study found."
And the accuracy of that age value is not high (I assume age would be from someone having a google account .. but nobody with any sense should use their real DOB when registering with gmail, fb, twitter etc. as DOB is one of the key identity theft targets*)
I assume "gender" found in same way? (presumably with lots of different options these days for covering gender fluidity)
..* and yes, that means you (& friends & relatives) not plastering birthday photos across social media - no point hiding DOB if there's photos of you celebrating 21st birthday (or whatever that also gives year as well as day / month)
Being "camera shy" is handy in these days of social media overshare
'gender' refers to the masculinity or femininity (or lack thereof) of nouns and other parts of speech, in languages that have such things (like Spanish, French, etc.).
For human chromosomal arrangements and the associated secondary characteristics, see 'sex'.
(any other usage of 'gender' to mean 'sex' simply smacks of political correctness and deserves ridicule and contempt)
I used to put in bogus DOB etc...and then I lost access to an old email account, which then meant I couldn't recover my ebay password, which means I lost 5 years of eBay seller history... etc etc.
You can't put in fake information that later might be used for account recovery unless you are planning to then write that all down somewhere. At some point you'd have to memorize an entire fake identity or two or three... sure some people do this but come one who has time?
FWIW, that's what the Notes field in my passwork keeper (PasswordSafe) is useful for. It even keeps it hidden until you need it visible. Lastly, if there's one damn file I'm guaranteed to be able to recover from somewhere, it's that one as well as the software installer. Tucked away all over the place.
"Google Analytics is used by more than three quarters of the top 100,000 most visited websites (including the one you're reading)"
... which is why my blockers are all running hot for el Reg and subsequently you're not getting any advertising revenue from me.
Okay, the huge "full background" ad in the area that I would normally click to de-focus things I had previously clicked on, and the side-ad that slides with the scrolling also play their part. Strip it down to just the top banner and bottom-right square, take off all the tracking and you'll get whitelisted...
"it doesn't collect any PII."
Whether or not it collects PII depends on how you define PII. It collects far more information than I'm willing to share, which is why I always block GA. If your data collection needs are limited to load time stats and "journey", then why not do this with your own scripts? Just keep it between you and your users. There's no need to let Google's spy systems in.
Strip it down to just the top banner and bottom-right square, take off all the tracking and you'll get whitelisted...
I wish the Reg would split the pointless-UI-candy scripts out to a different site, so I could bock just those. As far as I'm concerned, the post / vote / etc buttons are much more palatable as normal HTML than in their scripted versions. They bug me more than the ads, to be honest.
As tech-heads we have a duty to help anyone we know sanitize their Android phone. The warning above primarily applies to the dystopian nightmare that is 'Google Play Store' / 'Google Play Services' / 'Google App'
So leverage F-Droid / Fossdroid / Yalp instead. 'Location Services' can't be disabled 100% in all cases, but we don't have to make it easy for BrinPage algos. For those without root, Netguard / Blokada is your friend!
Also never ever use the built-in 'Android Keyboard' or built-in browser usually 'Chrome'. Again open-source is your friend:
https://www.wired.com/story/android-users-to-avoid-malware-ditch-googles-app-store/
"the anti-Microsoft brigade trumpetted about the virtues of Android being open source"
The problem with Android isn't the open source core, it's the large closed source lump that Google runs on top of it before allowing Play store apps to be used. Yes, we know about that one. It's been mentioned here many times. It's why the OP gave those recommendations and why we don't trust Google. Also partly the reason why my. mobile is an ancient Symbian Nokia (the other reason is it does all I need so I don't see any reason to spend on a replacement).
Sadly my antiquated Nokia N95 died a year or two back.
A trip to cash converters and £40 poorer, a slightly less antiquated blackberry replaced it. Yes, it doesn't do all the slick things android and iphone do, but I feel like I have some control over using it.
Sadly though, as I also found out 15 years earlier, BB's are a pile of tosh compared to Nokia.
please, Mr Blackberry, or Mr Noka, do us all a favour and invent a phone that doesn't spy..... I think the world may just abut be ready for it.
"Indeed, this article gives me an itch to rummage my drawer and see if any of the ancient Symbian Nokia's contained therein there still work..."
I am still quite happily using my Sony Ericsson C905a. So long as AT&T's network does not go full LTE it will be with me. I also picked up a bunch of extras from a phone shop so I always have spare parts.
> an ancient Symbian Nokia
Me too! I actually bought a "new" one after i'd learnt for myself all the shite that is slurped from android (and it'd not just google - most of the third party app suppliers are bad too)
Bonus? The battery last a week, the phone can be easily dialed in the dark and the rain, it's not as hard to hold as a "slate", and I don't have to worry about things slowing down because youtube decides to launch in the background.
Yep, I'll keep my android hacking to the comfort of my armchair.
Whilst I'm ranting about the horrible shape of all mobiles these days, I wonder, what happened to HCI? Why has user interface gone from practical to fashionable?
A few months ago, I splashed out a few hundred on a high specced android tablet... it's so thin that after a while it digs into your hands a bit, and the edgeless screen means my fingers keep drifting into pressing something I don't want to press... For non-intensive use, I literally use my old £40 tablet more often, because, well, borders, and more rounded sides.
pffft.
I was with you until the second word of the second paragraph. "Leverage" is not a bleedin' verb.
The truth is that Android is a system to turn a smartphone owner into a product. The only way to successfully avoid that is to strip out Google services framework completely which, in essence, means running a custom build of AOSP/LineageOS/AOKP/Omni without the final flash of gapps. Then add F-Droid, YALP¹ et al.
Even then, you have to be bloody careful. aGPS will quite happily talk to Google's SUPL server and quite literally hand them your coarse location along with device specific information. If you have a Mediatek device², their proprietary GPS core will also talk to their server. All of this is before the networks get involved.
As for Android being open source, the first time you build your own derivative you'll realise just how much of it isn't. Even Qualcomm based devices, the vendor most likely to play nicely with your *droid freedom project, is chock-full of binary blobs from the obvious RIL/modem (pretty much expected as raw access to this can be used for all manner of nefarious things) down to simple peripheral access.
It's a shame the Replicant project was such an epic fail but that was to be expected. The smartphone environment deliberately doesn't support full freedom as most devices are simply loss-leaders which enable access to the real product: You.
¹ Take no notice of apps that declare they're GSF dependent. Parts of them may be, yet they're usually deep down betrayal bits that don't affect core functionality. Of course, if you're installing even one closed-source app from GP through YALP, all your hard work deGoogling your device has gone out of the window anyway.
² Avoid at all costs. They almost always turn out to be landfill devices.
The only way to successfully avoid that is to strip out Google services framework completely
Correction : The only way to successfully avoid that is not to have bought a phone with Googles Android on it in the first place.
Andoid devices have been a Trojan for Google to get inside your walls almost since they first came out.
Correction : The only way to successfully avoid that is not to have bought a phone with Googles Android on it in the first place.
In an ideal world, yes. However, you try getting something with the screen, processing power, ancillaries and connectivity of an Android device without the Trojan horse OS for reasonable money. Far better to take advantage of their "kindness" and gut it of its traitorware.
This isn't blind trust. I run multiple utilities on the device itself via root adb shell to ensure I haven't missed anything any time there's a major change. I even strip out bits of Lineage that I don't trust such as the Jelly browser, e-mail, messaging and their update and feedback apps. In their place is Firefox Mobile, K9Mail, Silence and sod all because I'll track changelogs myself. Gone is anything Googly-syncable and in its place is DAVDroid and a self-hosted Nextcloud backend.
Not for everyone, I admit, yet for those of us for whom messing with builds is more fun than chore, it works. We're not going to change the world for Joe Public this way, though.
Andoid devices have been a Trojan for Google to get inside your walls almost since they first came out.
Agreed. My first 'droid device was an Orange SanFran simply because that was the first reasonably priced handset that was a doddle to unlock, CMify and disinfect right out of the box. Its stock OS lasted just long enough to remove the SIMlock.
>"Leverage" is not a bleedin' verb.
THIS ^^^^^^^^^^^^^^
A HUNDRED TIMES THIS
It on my Bullshit Bingo card. As a rule, if you use the word 'leverage' when you mean 'use', then your credibility drops like a stone.
>"Leverage" is not a bleedin' verb.
https://www.dictionary.com/browse/leverage?s=t
verb (used with object), lev·er·aged, lev·er·ag·ing.
to use (a quality or advantage) to obtain a desired effect or result:
She was able to leverage her travel experience and her gift for languages to get a job as a translator.
So leverage IS a verb (a transitive verb, to be specific), and if I have to, I'll look up OED, too.
>"Leverage" is not a bleedin' verb.
https://www.dictionary.com/browse/leverage?s=t
verb (used with object), lev·er·aged, lev·er·ag·ing.
to use (a quality or advantage) to obtain a desired effect or result:
She was able to leverage her travel experience and her gift for languages to get a job as a translator.
So leverage IS a verb (a transitive verb, to be specific), and if I have to, I'll look up OED, too.
The defence would like to place on record this,, which describes the act as being "very sensual" when, in fact, it's nothing of the bloody sort - it actually reminds me of the time one of my dogs accidentally ate some elastic from a piece of meat. Citing this source as authoritative is probably not a good idea.
Also this.
The defence rests its case, m'lud.
So leverage IS a verb
Of course it is. There are English speakers and writers who use it as one. In English, that's all that's required; English grammar is very flexible.
You'll never convince the prescriptivists of that, though. They live in a fantasy world where the gods hand down immutable rules of English usage that none may question.
You'll never convince the prescriptivists of that, though. They live in a fantasy world where the gods hand down immutable rules of English usage that none may question.
Oh, I'm fine with evolution. My aversion to LaaV (leverage as a verb) is simple. Let me say the same thing twice:
"We're going to use our experience in this field to produce something decent that people will want to buy. Keep me and the rest of the team informed of progress and problems, please."
"We must leverage core competencies and utilise our core IP to produce an innovative product that will obsolete the current paradigm, incentivise our clients and increase our market share. The core team will touch base often and will ensure that hurdles become opportunities."
Guess which of these is spoken by someone who knows what she's doing and will result in something that isn't a complete and utter dog's breakfast, shoddy to the point of worthless and impossible to support...
² Avoid at all costs. They almost always turn out to be landfill devices.
I'm messing around with one now.
It wasn't just the apps that have been modified, the whole system seems to be corrupt.
For starters, there are system apps which install apps without user intervention.
What's even worse is that even the developer options have been crippled or modified.
Enabling the "show CPU usage" in Developer options didn't show anything on-screen at first until turning it off and back on again but even then only one or two processes show on-screen.
Looking at logs shows dozens of errors of: "ProcessCpuTracker: Skipping unknown process pid ****"
that accounts for this oddity.
Bugreport is completely greyed out in Developer options.
uploading the Over the air update apk sha256sum to VirusTotal gets flagged as a trojan dropper by 28 different AV scanners as does the Gallery app and an odd TCP connection over port 444.
I had one whose answer to people getting root and stripping out system traitorware was to deliberately corrupt the ext4 filesystem on /system so that mount -o rw,remount /system failed back to read only. I did manage to reset the onerror flag to continue and disinfect but they're not worth the time, effort or rage to get them working properly - usually because they never will.
Stick with Qualcomm. How much longer that would have been my advice had they been Borged by bloody Broadcom is left to the imagination.
"Even then, you have to be bloody careful."
Indeed -- properly securing an Android device requires a fair bit of effort, not only in configuration but in terms of how you use the device. The level of effort required is increasing over time, too, which is why I'm working to get rid of Android from my devices entirely.
"Overall, the study discovered that Apple retrieves much less data than Google.
"The total number of calls to Apple servers from an iOS device was much lower, just 19 per cent the number of calls to Google servers from an Android device."
no shit - comparing Apples to Oranges. An Android connects to Google for "Androidy" things, and for Ads (in apps / webpages, etc). An Apple connects to Apple for "Apply" things, and Google for Ads (in apps / webpages, etc). So therefore the Android connects to Google more than the iOS thingie connects to Apple.
How many calls to Google from an Apple device were there? less than Android, for the same reason as above, but surely combining the two datasets gives a better indicator of the "badness" of Android's data slurp?
> It's all about the money, money, money - they don't really give a toss about YOU, just your pocket.
Er, that's kinda the point of a company. At least their desire to make money from the people who have money to spend means Apple are motivated to differentiate themselves from Android on the privacy front.
"Er, that's kinda the point of a company"
The point of a company is to provide a good or service in exchange for a reasonable profit. There's nothing about a company's goals that requires the company to treat its customers like walking wallets. A good business of any sort is one where both the business and their customers profit by the exchange.
Companies that chase profit to the exclusion of all other considerations are terrible companies.
"'As we repeatedly point out, Apple makes its money from selling overpriced hardware'
It's all about the money, money, money - they don't really give a toss about YOU, just your pocket."
Back in the '70s, an aftermarket automobile oil filter company ran a series of ads featuring a supposed auto shop mechanic extolling the virtues of their product. The tag line was "You can pay me now, or... Pay me later."
Plus ça change...
Android is Google's monetised trojan horse and the only reason they got away with it for so long: It was the wild west as far as Mobile platforms were concerned. This level of data slurping would not have been tolerated on a mature sector such as PCs, where users became savvy over time. Sadly, Microsoft's Windows 10 has gone the same way. NEVER 10!!!!!!!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
