Always Watching: Google’s Messages, Dialer Apps Send User Data to Internet Giant Without Consent

In this photo illustration the Google logo is reflected in the eye of a girl on February 3
Chris Jackson/Getty Images

A recent research paper reveals that Google’s Messages and Dialer apps on Android smartphones have been sending user data back to the Masters of the Universe without notice or user consent.

The Register reports that the default Google Messages and Dialer apps for Android devices have been collecting and sending user data to the internet giant without notifying users or gaining their consent. Users have also not been given the opportunity to opt out of the data collection, possibly violating Europe’s data protection laws.

Sundar Pichai, senior vice president of Chrome, speaks at Google's annual developer conference, Google I/O, in San Francisco on 28 June 2012

Sundar Pichai, senior vice president of Chrome, speaks at Google’s annual developer conference, Google I/O, in San Francisco on 28 June 2012 ( KIMIHIRO HOSHINO/AFP/GettyImages )

Sabo mocks Google CEO Sundar Pichai

Sabo mocks Google CEO Sundar Pichai (unsavoryagents.com)

A research paper titled “What Data Do The Google Dialer and Messages Apps On Android Send to Google?” published by Trinity College Dublin computer science professor Douglas Leith states that Message and Dialer, used for sending text messages and making phone calls, have been sending user data to the Google Play Services Clearcut logger service and to the company’s Firebase analytics service.

The paper states: “The data sent by Google Messages includes a hash of the message text, allowing linking of sender and receiver in a message exchange. The data sent by Google Dialer includes the call time and duration, again allowing linking of the two handsets engaged in a phone call. Phone numbers are also sent to Google.”

Messages and Dialer are installed on over one billion Android devices including devices offered by AT&T and T-Mobile on Android phones in the US. In other countries, handsets made by Huawei, Samsung, and Xiaomi also preload their devices with the apps.

Both of the pre-installed apps fail to provide app-specific privacy policies that explain what data gets collected, and when a request is made through Google Takeout for the account data linked to the apps used for testing, Google did not provide any of the telemetry data observed by researchers.

Google Messages takes message content and generates a SHA256 hash which is created by an algorithm that maps the readable content and transforms it into an alphanumeric digest. A portion of the has is then transmitted to Google’s Clearcut logger and Firebase Analytics. In theory, some believe that shorter messages may be able to be recovered by reverse-engineering the hash sent to Google.

Professor Leith told The Register: “I’m told by colleagues that yes, in principle this is likely to be possible. The hash includes a hourly timestamp, so it would involve generating hashes for all combinations of timestamps and target messages and comparing these against the observed hash for a match – feasible I think for short messages given modern computing power.”

Read more at the Register here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com

COMMENTS

Please let us know if you're having issues with commenting.