Study: Huawei, Samsung, Realme, Xiaomi collect massive data via Android

Spread the love

Researchers from the University of Edinburgh state that the Android versions of Huawei, Samsung, Realme, Xiaomi and LineageOS collect unsolicited data from users. The data is shared with Google, Microsoft and Facebook, who have system apps preinstalled on the OS.

According to the researchers, many studies have already been done on the collection of data by apps, but not on the collection of user data by the operating systems themselves. That’s why they took a closer look at European Android devices from Huawei, Samsung, Realme and Xiaomi as well as devices running on LineageOS and /e/OS.

At the start of the study, they set up the devices so that no diagnostic information would be shared with the manufacturers, nor did they create an account with the device manufacturer. Despite all this, the researchers noted that ‘a substantial amount’ of data was still being collected. For example, imei numbers, serial numbers, advertising IDs and information about installed apps are raked in and details about the use of those apps. “You can compare it a bit with cookies,” the study says. Xiaomi would be the most detailed, according to the researchers. The Chinese company tracks how long a user uses a particular app, and it reportedly does so for every screen in those apps.

Samsung, Xiaomi, Realme and Google also collect long-lived device identifiers, identifiers of the device that are associated with the device for a long time, in combination with various advertising IDs, undermining the reset of these IDs, according to the researchers. “When a user resets the advertising ID, it can be relinked to the device,” it sounds. Huawei would not collect any combination of this data.

Manufacturers are never alone in collecting data on their devices; different parties are working on every device, but Google is on almost every Android variant. In addition to Samsung and Google, Microsoft also collects data on Samsung devices. With Xiaomi devices, the Chinese manufacturer is joined by Google in the collection of data and also by Facebook. At Realme we see Google and the Chinese company Heytap. At Huawei, the researchers found Google, Microsoft and Daily Motion and Qihoo 360.

Many of those third parties can collect the data through pre-installed apps that cannot be removed. According to the researchers, the collected data would be sent to servers in Europe, only Xiaomi sends the data to servers in Singapore and Samsung forwards its data to servers in the United States, the researchers found.

They state that communication with the servers is to be expected, but that the observed amounts were unexpected and that there is also no opt-out with regard to the data collection.

The researchers from the University of Edinburgh also examined whether devices running LineageOS and /e/OS collected data. LineageOS only shared data with Google, but it should be noted that the researchers installed OpenGApps on the devices running LineageOS. The privacy-focused custom rom /e/OS did not collect user data according to the researchers

Update, 9:40 PM: Added information about using OpenGApps with LineageOS. Thanks to script.

University Edinburgh

You might also like