After various data-related controversies in the recent past, tech giants such as Apple and Google have begun to pay more attention to users’ privacy when it comes to their products and services.
However, this is not entirely true, since, according to a recent study, Google’s Phone and Messages apps collect and send user data to Google’s servers without the user’s permission. While this poses a risk to users’ privacy, this practice also potentially violates EU General Data Protection and Regulation Act.
Are Google apps violating users’ privacy?
The Google Phone app and Messages are arguably the two most-used apps on Android, as they’re pre-installed on most modern Android devices. So, according to a detailed study titled “What data do Google Dialer apps and Messages on Android send to Google?”, Trinity College computer science professor Douglas Leith found that these apps collect and send user data to Google without the necessary permissions.
The researcher mentioned that the applications mainly collect data related to user communication, including the hash of SHA256 messages, the timestamps of these messages, contact information, logs of incoming and outgoing calls, and the duration of calls. Once the data is collected, applications use the Google Play Services Clearcut logging service and the Firebase Analytics service to send it to Remote Google Servers. Leith also highlighted the fact that Google can also invert the hash of short messages to reveal their content.
The report reveals another key point: The Google Dialer and Messages apps don’t mention any privacy policies in terms of data collection, a practice that Google recently made mandatory for all third-party apps on the Play Store. This is a kind of hypocrisy of Google and puts it in a negative light.
These results were originally discovered late last year, after which Google was informed of the same. Leith also suggested some important changes that Google should make to its apps to prevent such actions. While Leith made nine changes, Google has already implemented six of them.
In addition, Google has provided some clarification about its data collection methods. The company said the message hash is collected to detect errors in the sequence of messages, and phone numbers are collected to improve the automatic detection of one-time password messages sent via RCS.
Recall that Google, along with other giants of big technology, previously appeared in the news because of the collection of user data without their permission. Whether it’s voice assistants or advertising targeting, these tech giants have violated user privacy time and time again. We look forward to hearing more about this.
So, what do you think about Google collecting user data without permission? Let us know your thoughts in the comments below.