Study shows: even if users opt-out, telemetry data is transmitted

On a German security blog I just came across an interesting study (just published last week) showing that both, iOS and Google Android, transmit telemetry, despite the user explicitly opting out of this.

We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handsetphone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.

Source: https://www.scss.tcd.ie/doug.leith/apple_google.pdf
The info on this study I found in a blog post on kuketz-blog.de, really an interesting source of information for all those interested in privacy matters and IT (in German).

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone

2 Likes

The most important word in the sentence above is “realistic”. It is a truism that the only option that guarantees ZERO tracking is not owning/using a mobile device at all. Most would find this an “unrealistic” option. And one day this may not even be an option, who knows…

The option that limits tracking to the least possible degree is a 4G enabled “flip-phone”, where only the cellular network tracks the user but there are really no apps to speak of. Many have become so reliant upon apps that this option is as appealing as week-old bread.

Then comes mobile devices with /e/OS loaded. But even as the OS lacks tracking, apps loaded on the device do PLENTY of tracking (transmitting back to the Big G, FB, etc. religiously). In this scenario there is a high likelihood of a FALSE sense of security!

And then of course, there’s the authoritarian’s dream devices, graciously provided by /A/pple and /G/oogle!

If we are to expect that those that control the levers of power are going to willingly and knowingly allow the rabble to walk around unsurveilled when all this wonderful technology exists that provides the opportunity to do so, is frankly a false expectation.

But there is hope. Their surveillance underpins an important yet relatively undiscussed dynamic: Surveillance is only required when a threat is identified.

And exploring this dynamic begs the question: Who is afraid of who?

2 Likes