Surveillance: Google collects meta data (phone calls, SMS) from Android phones

[German]It seems that Google has established a surveillance function for Android phones. They are claiming the right, to collect and store meta data from incoming/outgoing phone calls and SMS from Android smartphones.


Advertising

I haven't noticed that in detail, although I have seen some reports of new Google Privacy rules. Then I found a German article pointing me to Google`s revised Privacy & Terms (the US terms) informing about that in their Privacy Policy. Last modified: June 28, 2016, they are writing:

Information we get from your use of our services. We collect information about the services that you use and how you use them, like when you watch a video on YouTube, visit a website that uses our advertising services, or view and interact with our ads and content. This information includes:

  • Device informationWe collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). Google may associate your device identifiers or phone number with your Google Account.
  • Log informationWhen you use our services or view content provided by Google, we automatically collect and store certain information in server logs. This includes:
    • details of how you used our service, such as your search queries.
    • telephony log information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls.
    • Internet protocol address.
    • device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
    • cookies that may uniquely identify your browser or your Google Account.

I've highlighted the paragraph in bold: Google claims the right, to log information like your phone number, date and time of calls, duration and also SMS routing information. A German site mobilsicher.de has tested it – during each phone call, Android tries to connect to a Google server.

Such meta data are also collected by governmental surveillance programs. This kind of meta data is perfect to create user profiles – and will has been used by US military in drone killing operation. And you don't have a possibility to opt-out from Google's data collection approach for Android phones – in my view a no go. Time to drop my Android phone. What's your opinion?

Update: Since this post made it to Hacker News, a longer discussion went on. Also the owner of German site mobilesicher.de informed me that the interview with Peter Schar, former German federal commissioner for data security. Peter Schar as severe doubts that this practice is legal and asks for the EU commission to step in immediately. The full interview (in English) may be read here.  Thanks Matthias Spielkamp for the link.

Similiar articles
Qualcomm-vulnerability breaks Android's disk encryption


Advertising

This entry was posted in Android and tagged , , , . Bookmark the permalink.

33 Responses to Surveillance: Google collects meta data (phone calls, SMS) from Android phones

  1. bob says:

    Sadly I guess it's time to switch back to Apple. Even if it costs more and much of their efforts are for PR purposes, I still feel like they are at least attempting to maintain a degree of user privacy.

    Bob

    • Nando says:

      And you think Apple is doing any less???

    • Will says:

      Yup, I'll be getting an iPhone soon :(

    • Tom says:

      Well there's no point jumping from the frying pan into the fire, so best to avoid Apple as well (or any US based products in general).
      I think the best option would be an Android device without Google's products i.e. something with a custom ROM that is built without any of Google's "free" products

  2. Mateusz says:

    What are the available options? besides Iphone.

    • Peter says:

      * Meizu with Ubuntu
      * Jolla's Sailfish OS (developed from MeeGo). e.g. the coming Intex Aqua Fish or Turing Phone.
      * Samsung's Tizen OS (developed from MeeGo)

  3. Lumi says:

    While I do appreciate you trying to be informative to your readers, I don't appreciate being driven here by what essentially is click bait. Provide the entire context to your readers. Some further digging on Google's privacy page shows this (directly above that bullet point): "When you use our services or view content provided by Google." I assume that applies to Google Voice and isn't a log of android telephony. Furthermore, if you look under the Google Voice privacy page you see "When you use Google Voice, Google's servers automatically record certain information about your use of Google Voice. Similar to other web services, Google Voice records information such as account activity (including storage usage, number of log-ins), data displayed or clicked on (including UI elements, links); and other log information (including browser type, IP-address, date and time of access, cookie ID, and referrer URL). Google's servers also automatically collect telephony log information (including calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information, and types of calls)."

    Saying that, I suppose the language is kind of grey so they certainly might be able to get away with doing what you suspect, but given Google's "don't be evil" stance I would hope this isn't the case.

    • guenni says:

      Your assumption is one thing – what Google transfers is the other. After we (some German magazines and web sites) raised up the topic, a discussion has started. Just an example, what targets German / European law:

      – personal data possible has been transferred to US
      – if you call a phone number, and the meta data are transfered, it's possible, that you violated some laws (for instance, the person you are calling, doesn't use Googles services)

      What I've read so far, there are also suspicions, that this case may influence the EU antitrust investigation against Google. But I'm not the expert in that matter. As a blogger, I can point to some things – the interpretation has to be done by others.

      And only Google can sheed some light into that matter. What I read so far, is a mixture of "Google wasn't aware of the law implications", "Google wasn't able to answers the questions" and so on.

      For further reading, German heise.de article Google: Wirbel um "private Vorratsdatenspeicherung" mit Androidmay be a good source.

    • Jamie says:

      Lumi,

      > I assume that applies to Google Voice

      So you criticize the tone of a post based on some random assumption that you can't be bothered to investigate?

      I take it you also ignored the bit about Android phoning home when used to make calls? Because you certainly didn't bother to mention or refute it.

      Speaking of what we do or don't appreciate I don't appreciate people who complain about people's word choice based on nothing.

      And you're welcome to prefer to believe in corporate slogans rather than legal documents produced by the corp, although I hope that you'll stop laboring to convince others to as well. Do you also believe that Macdonald's makes the world's best meat sandwiches?

    • ..... says:

      You forgot to take your autism medication again, Lumi.

  4. Steve says:

    Someone please develop LittleSnitch for Android.

    • No Name says:

      Get AdAway from F-Droid and you can add your own hosts to a blocklist. It forwards it to localhost, which doesn't exist.

      I am not sure what host Google uses for this, so you'll have to look that up.

  5. John Christensen says:

    I'm glad they do this. I'm not a criminal and the service it delivers is a nice, personalized gesture. Rather awesome!

    • guenni says:

      Hm, the service doesn't depend on meta data. And after the first swat team has entered your home, because your meta data shows you was near by a criminal action – perhaps you will retink your position ;-).

      • John Christensen says:

        When was the last time a SWAT team took down your front door? Let me guess, you think the gov't is gonna take dem der guns and not let you buy 20 cheeseburgers if ya dun want to eh?

  6. pogue says:

    Is this specific to Germany or everywhere else as well?

    • guenni says:

      As far as I have seen, it's world wide. In Germany / Europe we will have the discussion, is it legal to transfer such data.

  7. Pingback: Surveillance: Google collects meta data (phone ...

  8. Paul says:

    In light of this Google tactic (and Microsoft logging keystrokes in Windows 10), it's all the more impressive that there still exists a big corporation which does not abuse your privacy.

    Google has a history of such actions. A few years back, their Streetview cars were "inadvertently" listening and collecting all wifi data that was within range as they took pictures of the streets.

  9. shmox says:

    This is USA

  10. Hello.

    I know this is not the best alternative but you have some options.

    I'm using a ubuntu touch phone since January 2016. Although it hasn't the best behaviour (in my device) it is already an alternative if you don't need too many applications.

    And, maybe the question is if we really need everything we have available on a smartphone.

    There are some other possibilities like Sailfish OS which, as far as I know, has some similar troubles as Ubuntu touch. But they are functional for calling, SMS, surf the Internet, Telegram, and many more.

    Unfortunately, the best alternative was CyanogenMod usin F-Droid as an apps ' repository (all of them Free Software), but with the new terms of service of Google I'm afraid it is not enough. Even though, using F-droid instead of PlayStore is a good step forward (specially if you don't use any google account). Much better email from http://www.openmailbox.org, for example.

    Good luck¡¡

  11. spooky action says:

    It's time to just ditch Google. Switch to Cyanogenmod or Replicant if you can. This is f**king ridiculous.

  12. cyk says:

    Does this also apply to cyanogenmod?

  13. kungfu says:

    If you think that your data isnt being collected and used to somebodies advantage, then you are naive at best. Other options? There is none, outside of maybe airplane mode, or going back to a non-smartphone device.

  14. zorro says:

    Pretty scary when you think now what google knowns about you ! I can believe that they have very good internal control about privacy, but even with that… Just imagine if there is some kind of data leakage…

  15. Milonius says:

    Has anyone stopped to consider whether or not the dialer used has an effect on this? You mentioned someone had done testing and Google servers were pinged during phone calls, but were the testers using the Google dialer (the one you can download from the Play Store; the same one that comes with Nexus phones), or were they using a third party dialer? The privacy policy does specify "when you use our services", and using the Google Dialer app would certainly qualify. Try testing with a non-Google dialer and see what happens. If that's not the case, then it must be Android itself that is considered the service. Either way, privacy policies are obviously intentionally vague, but you are agreeing to them when you use the service. Nobody has a right to complain to something they themselves agreed to. It's on you to stay up to date with the privacy policies you're affected by if you care that much.

  16. David M says:

    CopperheadOS is what you want: https://copperhead.co/android/.

    It's the most secure Android out there, based on a hardened AOSP and doesn't come with GApps or require you to supply a Google account for metadata collection. A huge number of security improvements to Android are actually being upstreamed from Copperhead. They're way ahead of the curve.

    There's only a couple of minor challenges: 1. keyboard gestures ('Swype' style) don't work with the default keyboard, because that's a closed source Google lib and can't be included. (Can probably install Swiftkey, but haven't tried). 2. Play Store is out (it requires you to use Google account and give control of your phone to Google, so doesn't fit the trust model). 3. GCM is out, which is part of Play Services, so a few apps like Signal that depend on it won't work.

    I've been running it for a couple of months and it really is superb, stable and respects the principles of Open Source and user-first development. Please do be sure to send them a donation, if you're not buying a handset from them directly. Great team and work supporting. Check out their Twitter feed and you'll quickly see that they do really know what they're doing.

  17. Joachim says:

    People, Solution is not use Google Play Services! You can buy an Android phone and then install a custom ROM like Cyanogen and DON'T INSTALL THE GAPPS. You can live perfect without them. You can live without play store, because there exists f-droid.

  18. Pingback: Surveillance: Google collects meta data (phone calls, SMS) from Android phones – senk9

  19. Pingback: CyberGuerrilla soApboX » Blog Archive » #OpNewblood The Facebook Account Deletion Process

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).