Even when minimally configured and the handset is idle, with the notable exception of e/OS, these vendor-customized Android variants transmit substantial amounts of information to the OS developer and to third parties such as Google, Microsoft, LinkedIn, and Facebook that have pre-installed system apps. There is no opt-out from this data collection.
PDF of study is available at the bottom of the article.
While many studies have looked at privacy properties of the Android and Google Play app ecosystem, comparatively much less is known about iOS and the Apple App Store, the most widely used ecosystem in the US. At the same time, there is increasing competition around privacy between these smartphone operating system providers. In this paper, we present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. We find that third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. In the children’s category, iOS apps used much fewer advertising-related tracking than their Android counterparts, but could more often access children’s location (by a factor of 7). Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law, including 1) the use of third-party tracking without user consent, 2) the lack of parental consent before sharing PII with third-parties in children’s apps, 3) the non-data-minimising configuration of tracking libraries, 4) the sending of personal data to countries without an adequate level of data protection, and 5) the continued absence of transparency around tracking, partly due to design decisions by Apple and Google. Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied.
Subjects: Cryptography and Security (cs.CR); Computers and Society (cs.CY)
FYI, while also interesting, the arXiv link is a different study with an iOS/Android App Store comparison (surveying integrated SDKs in 24k apps). The parent post is comparing within Android instead. Douglas Leith, one of the coauthors, did some studies on default connection behavior of Androids in the past.
Someone says this is a bad article smearing LOS and mentioning e/OS stealing code for microG while only donating after backlash; this article is not very well written.
I would like to add my opinion about the article. I think it is biased.
In their tests, they used LineageOS with GApps, so obviously data is sent to Google… Without GApps I guess LineageOS is as clean as /e/.
If I install Facebook on my smartphone, well, I expect to send data to Facebook too.
And concerning Huawei, I think it’s a pity that the tests weren’t done on HarmonyOS (but I don’t know if the code has been made public yet).
Anyway, a whole article just to say that a smartphone with Google services and pre-installed apps transmits data. Nothing new.
There is Google stuff in LineageOS which isn’t in /e/, and they would have seen that I suppose, but they actually installed Open GApps Nano on LineageOS … here’s what it installs: https://github.com/opengapps/opengapps/wiki/Nano-Package.
What is this trying to achieve?
Either they should have installed the Open GApps stock package (they even mention in the study that nano is different from the stock Androids and there are other Open GApps packages including “stock”), or they shouldn’t have installed Open GApps at all.
Sorry, I didn’t detect the other one. But mine comes from LWN, which is almost more of a reference than the original paper…
So please don’t comment here but in the post above.