To collect statistics and conduct analysis, the expert studied the traffic coming from iOS and Android devices to Apple and Google servers at various stages of device operation, for example:
- at the first start after restoring the factory settings;
- when the SIM card is inserted / removed;
- when the phone is idle;
- when viewing the settings screen;
- when geolocation is enabled / disabled;
- when the user enters the pre-installed app store.
At the same time, the study takes into account that data can be collected both by the operating system itself and by default applications, including search engines (Siri, OkGoogle), cloud storage (iCloud, Google Drive), maps and geolocation services (Apple Maps, Google Maps), photo storage (ApplePhoto, Google Photos). Dividing this activity, Leith focused specifically on collecting OS data.
As a result, the professor came to the conclusion that “both iOS and Google Android collect telemetry, despite the fact that the user has clearly refused this [опции]”. Even worse, “this data is shared with companies even if the user is not logged in (even if they have never logged in).”
According to the document, Apple tends to collect more types of data from its iOS devices, but Google collects “noticeably more data.”
“In the first 10 minutes after launch, the Pixel smartphone sends about 1 MB of data to Google, while the iPhone sends about 42 KB of data to Apple.
When the phones are idle, the Pixel sends roughly 1MB of data to Google every 12 hours, compared to the iPhone sending 52K to Apple. That is, Google collects about 20 times more data from mobile devices than Apple, ”the expert writes.
Data collection occurs every 264 seconds on inactive Apple devices and once every 255 seconds on Android smartphones (even when the phone is not in use).
Also, both operating systems communicate with their servers when users browse settings screens or when a new SIM card is inserted into the device.
In addition, Professor Leith observed a number of pre-installed applications and services that also connected to Apple and Google servers (even before these applications were opened and used):
“In particular, on iOS, Siri, Safari and iCloud are among such applications, and on Google Android – Youtube, Chrome, Google Docs, Safety hub, Google Messaging, Clock and Google Search bar.”
Such extensive telemetry can lead to at least two major problems. First, it can be used to link physical devices to personal data that both companies are likely to use for advertising purposes. Second, the telemetry collection process allows manufacturers to track the location of users based on their IP addresses.
Edition The Recordand the Trinity College professor himself asked Apple and Google representatives to comment on the findings of the scientific work. Apple did not respond to requests from the professor and journalists, and Google promised Leith to publish publicly available documentation on the data collected, although they did not give an exact date when this would happen. On the other hand, Google told reporters a little differently:
“This study explores how smartphones work. Modern cars regularly send key data to manufacturers about vehicle components, their safety status and maintenance schedules, and mobile phones work in a similar way. This report details these messages to help ensure that your iOS or Android software is up to date, services are running as expected, and your phone is safe and efficient. “
In addition, the manufacturer disputes the very methodology of data collection. According to Google, the study underestimates the volume of iOS telemetry and excludes certain types of traffic, which skews the results.