- on first startup following a factory reset;
- when a SIM is inserted/removed;
- when a handset lies idle;
- when the settings screen is viewed;
- when location is enabled/disabled;
- when the user logs in to the pre-installed app store.
The study unearthed some uncomfortable results. For starters, Prof. Leith said that “both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this [option].”
Furthermore, “this data is sent even when a user is not logged in (indeed even if they have never logged in),” the researcher said.The table below summarizes the main data points that test handsets sent to Apple and Google servers.But while the Irish researcher found that Apple tends to collect more information data types from an iOS device, it was Google that collected “a notably larger volume of handset data.” “During the first 10 minutes of startup the Pixel handset sends around 1MB of data is sent to Google compared with the iPhone sending around 42KB of data to Apple,” Prof. Leith said.
“When the handsets are sitting idle the Pixel sends roughly 1MB of data to Google every 12 hours compared with the iPhone sending 52KB to Apple i.e., Google collects around 20 times more handset data than Apple.”
iOS and Android share data on average every 4.5 minutes
This data collection process takes place every 264 seconds on idle Apple devices and once 255 seconds on Android smartphones — which roughly equates to almost every four and a half minutes even when the handset is not being used.
But in addition to the idle state, the Irish researcher said that both operating systems also share data with their central servers when users are browsing their settings screens.
In a blog post, Google said that app developers may see a "significant impact" to their Google ad revenue on iOS after Apple's new policy takes effect: Apple's ATT changes will reduce visibility into key metrics that show how ads drive conversions (like app installs and sales) and will affect how advertisers value and bid on ad impressions.
Furthermore, when a new SIM card is inserted into both iOS and Android devices, SIM details are shared with both Apple and Google almost immediately.But Prof. Leith said that he also observed a number of pre-installed apps and services also making connections to both Apple and Google servers even before the apps were opened or used. “In particular, on iOS these include Siri, Safari and iCloud and on Google Android these include the Youtube app, Chrome, Google Docs, Safety hub, Google Messaging, the Clock, and the Google Search bar,” Prof. Leith said.
The University of Dublin professor says that this expansive data collection raises at least two major concerns. First, that the telemetry can be used to link physical devices to personal details, data that both companies are most likely exploiting for advertising purposes.
Second, that the telemetry collection process allows the OS makers to track users’ location based on the IP address that connects and uploads device telemetry to their servers.
The researcher said that currently, there are very few, if any, realistic options for users to prevent telemetry collection from their devices.
Google disputes paper numbersThe Record contacted both Apple and Google for comment on Prof. Leith’s findings. Apple did not respond.
The Irish professor said he too contacted both companies. Apple did not respond, while Google sent clarifications, which he incorporated into the paper. Google also told Prof. Leith that they intended to publish public documentation on the telemetry data they collect, but did not provide a date or deadline.
However, in an email response on Monday, a Google spokesperson played down the paper’s findings, and claimed the researcher found legitimate telemetry data that helps keep devices running smoothly.
This research outlines how smartphones work. Modern cars regularly send basic data about vehicle components, their safety status and service schedules to car manufacturers, and mobile phones work in very similar ways. This report details those communications, which help ensure that iOS or Android software is up to date, services are working as intended, and that the phone is secure and running efficiently.Google spokesperson
In addition, according to a Google source familiar with the research paper’s review, the Android maker also disputed the paper’s methodology, which they claim under-counted iOS’ telemetry volume by excluding certain types of traffic, which Google believes resulted in skewed results that found Android devices collecting 20 times more data than iOS.
Additional details are available in a research paper titled “Mobile Handset Privacy: Measuring The Data iOSand Android Send to Apple And Google,” available as a downloadable PDF document. Last year, in March 2020, the same professor also published a study analyzing the telemetry collected by web browsers. The study [PDF] found that Brave collected the smallest amount of data, while Microsoft’s Edge and the Yandex Browser were at the opposite side of the spectrum.