Research by universities in Edinburgh and Ireland revealed astonishing facts about the data collected by Android handset OEMs.
These OEMs collect a vast amount of user identifying data through their tweaked OS made on Android and share it with third-party services. Also, there’s no option given for the device owners to be left out of this practice.
Android Handsets Collecting Data
Combined research done by the University of Edinburgh and Trinity College Dublin revealed that handset OEMs like Samsung, Xiaomi, Huawei, etc., collect many telemetry data and share it with Google and other third-party services.
The data include identifiers like IMEI number, device ID, GUID, hardware serial number, app usage details, etc. These are termed telemetry data and are being recorded and sent to OS and device makers even when the handset is not used!
Vendors listed in the research are famous smartphone makers – Samsung, Xiaomi, Huawei, etc., who collect these data points through various means, primarily through pre-installed apps. These apps are competitively placed alongside Google’s suite of apps.
Being the bloatware, they’re hard to remove by an average user. This makes the user share his device data with OEMs and also third-party services like Microsoft, LinkedIn, Facebook, etc., without being known.
One common point is that – all the data collected is shared with Google, even though the OEMs make their bloatware OS over Android. What’s worse than not leaving an option to leave out is the data collected by such pre-installed apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei) is leaking!
Researchers found that the collected data isn’t encrypted while transporting, leaving the pipeline to snooping by hackers. Also, even if the user manages to cut the link for a while, they’re relinked through various identifiers like SIM, IMEI, location data history, IP address, network SSID, or a combination of these.
One prominent exception is the /e/OS – privacy-focused OS forked from LineageOS and Android. The /e/OS is found to collect no such data from the users’ devices.