" Modern cars regularly send basic data about vehicle components, their safety status and service schedules to car manufacturers, and mobile phones work in very similar ways." -Google
This is a beautiful quote because it is an example of one industry's bad behavior leading to another industry's bad behavior, upon which the first industry then users the second's similarity to justify themselves. Cars only started doing this because phones made it normal. It's wrong in both cases.
It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
The 30% cut was considered very good at the time. It was way better than the 50-90% cut that traditional publishers would take.
A sibling comment notes that Steam charged 30% at the time (though some had better deals) but it's worth noting that Steam was not an open platform that anyone could publish on. Much like for consoles, to put a game on Steam you had to have a preexisting relationship with Valve, or try to develop one with no certainty of success. This was also considered a very generous cut because getting on Steam was almost a guarantee of financial success.
This may be pedantic, but Steam was collecting its 30% long before the App Store opened. Thought maybe that was inspired by Apple's cut of music revenues in the iTunes Store.
I suspect that statement was to placate people with "your car does it too", but mine certainly doesn't --- it doesn't even require a computer to run --- and the statement had the exact opposite effect, namely to revalidate the reason I don't drive a "modern car".
That said, I do have an Android, but it is rooted and spends most of its time off. As I type this message, it is on the other side of the room.
> It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
Apple established a standard for the Apple app store. There was a lot of complaint about "Apple Tax" and Apple merely pointed out that it wasn't a "Apple Tax". Sure, Apple started it but others which are not even connected to the Apple ecosystem simply followed. They could have not decided to but they did (Re:Table 1) [0]. Microsoft, Samsung, Google and Amazon all have the same 30% tax. Heck, even commission rates for Xbox, Playstation, Nintendo have the same rate (Re : Table 2). I am sure Apple is not forcing them to have those rates.
Somehow, this conversation turns into an "Apple" vs rest conversation. There's no conversation had upon the charges on a digital distribution store. I'd say - let's have that conversation and come up with a number. Currently, the number is decided in a "free market". I would be open to come up to an alternate number. Most arguments against the 30% is that it is too high. Well, every penny that goes out from the developer's pocket is too high. The cost of an iPhone might be too high. Something, being too high is not an argument to not have that rate.
> It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
I thought Apple chose that figure as game developers were already used to it from consoles and Steam.
I disagree that telemetry is inherently bad. As product engineers, telemetry is often our only visibility into whether or not a system is functioning healthily. How else can you detect difficult-to-spot bugs in production?
The more concerning thing about the car data is that the manafacturers resell it to third parties and those third parties have the right to resell it again. It's a mess.
As a comparison, I don't know if much of Google's data ever leaves Google.
I read Steven Levy's book "Hackers" recently. One interesting insight was that developers for Sierra On-line and other early publishers had deals for the developer to get a 30% royalty on the games they wrote, with Sierra collecting 70% as the publisher. Over time, as there was some market saturation in the early 80s, this number decreased.
It is like I tell my kids, "pointing to bad behavior does not justify your bad behavior"
Cities frequently do this when they want to raise fees or taxes, 'Hey look at City B and City C, our fees are still lower even with this unneeded and uncalled for increase'
>Cars only started doing this because phones made it normal. It's wrong in both cases.
I don't know that this is true, planes have been doing it for quite some time now, although obviously they existing in a totally different bracket of price and complexity.
It’s way worse. Google is the pioneer in that type of analytics.
Apple took the existing model and automated it. They didn’t invent it, it’s been around since RCA/Victor. Retail takes bigger cuts (Walmart used to get 60% from AV vendors). Enterprise software resellers and distributors take a similar share to Apple, and do other shenanigans as a financing mechanism. When you hear about “shipments” that’s what that means.
"20X more telemetry", in terms of data usage, is a pretty meaningless statistic on its own (unless it's large enough to affect your mobile data cap or something).
For instance, I would consider it a much bigger privacy violation for my phone to transmit my exact location every hour than my current CPU usage every 10 seconds.
Which Apple is apparently doing - they send location, local IP, and nearby wifi mac addresses even when you're not logged in. Similarly Apple is collecting more data types than Google according to the research paper.
Sending telemetry can get expensive: in situations where bandwidth/throughput is restricted people often get picky about giving PCs with Windows installed internet access because of this. It can be bad even in normal situations: My girlfriend's laptop has so much broken telemetry crap between Microsoft and HP that her applications actually get pushed into swap (or whatever it's called on Windows.)
Generally speaking, Apple is drastically better about location services privacy. For instance, Apple Maps does not tie any location data nor direction requests to your Apple ID, and regularly rotates identifiers for devices used by the service: https://support.apple.com/en-us/HT212039
Does this matter? How many people do you know that aren't logged in on their phones? It is literally one the first things Android asks you to do even before showing you the main screen.
> When the user is _not_ logged in, iOS collects "location" whereas Android does not.
This may be only technically true. It's not Android, it's Google Play Services, which collects "anonymized", high-accuracy[1] location data constantly.
[1] Yeah, that's actually a contradiction-in-terms. There is no such thing as anonymized, high-accuracy location data.
It doesn’t seem like they actually “collect” this information with any identifier and only use it for limited strict purposes. This is unlike google who can pop up a map of everywhere you’ve been minute by minute over the last 5 years. I guess that’s only when you’re logged in to your google account, but that’s 99% of Android phones.
I only skimmed the paper, but I think the title extracts and confuses a small part of the paper:
"Google collects around 20 times more handset data than Apple"
They didn't intend to say that google collects 20x more data than apple in total, which is what the use of the term "devices" kinda leads us to think. The paper seemed to be equally critical of both and this article made it into an attack on google.
Idk which device is worse, but this article title is a bit misleading. Why not just quote the paper directly?
As users, we are assured that telemetry is only for the purpose of "improving products and services", "improving user experience", etc. If one company is collecting 20x as much as another, all else being equal, one would expect that this would be reflected in the quality of the product/service/experience.
Of course, Google's service is to advertisers, first and foremost. Users generally do not pay for what they receive from Google. Perhaps Google's paying customers, advertisers, are the ones seeing the improvement in the quality of service as a direct or indirect result of telemetry.
YMMV, but as much as I like Apple Maps and use it as much as I can, for the more complex/unknown routes I definitely rely more on Google Maps to get it right. I don't know if telemetry is the cause for the better service, but it is noticeably better for me.
Separately, I'm also a google customer as I run an Ad campaign for a small business (skilled labor), and the dollars spent on search ads are extremely efficient with an incredible ROI. Even with CACs in the 10s of dollars, with the size of the contracts being signed it typically costs much less than .5% of the total.
I don't think this is necessarily true. I believe that Google Maps navigation and location accuracy is significantly better on Android than iOS (no claim on 20x...but anectdatally better)
Google Maps getting more precise telemetry data is actually so useful in improving the navigation experience in tricky intersections, overlapping roads, or low bandwidth areas where GPS signal and service can be spotty. I can speak from experience that friends with Android phones experience less jumpiness in their GPS location, less errors in navigation, and less of that pesky "You've Arrived" notification triggering when still far away from the destination.
If telemetry is used for improving services then why does every project who's UI decisions are based on telemetry[1] consistently rebuild their UIs in less usable and less user friendly ways?
[1] Pretty much anything from Mozilla or Google, Reddit, lots of others.
You bet they are improving. I don’t know any big vendor who is worse than google in ux. Another question is, where is the good old “hiring few hundred users from different groups and watching what they do with a test device” instead of spying on millions of the same kind.
A lot of this reveals the way that Google itself perceives Android devices, and also ChromeOS devices to a lesser extent, to be inside their infrastructure. Years ago Google SRE wanted to extend observability beyond their edge so that there could be an SRE team responsible for the performance of first-party mobile applications. So, there's an SRE team at Google with a dashboard that shows them Google search latency from Google app v42 and v43 which is deployed to 1% of clients. This is why there is so much telemetry.
Another big thing about Android is anti-abuse, keeping people from running ad click fraud in apps running on emulators. That is the whole DroidGuard thing that the paper mentions and doesn't explore further. It is a device-specific virtual machine and bytecode for the virtual machine which is intended to authenticate it as a real device, not an emulator.
> A lot of this reveals the way that Google itself perceives Android devices, and also ChromeOS devices to a lesser extent, to be inside their infrastructure.
This quote should be more than enough to justify legally separating Google from ownership of both platforms. It is a similar problem we're seeing Tesla now extend to it's cars. Regardless of who legally owns the device, the company's employees feel entitled to data from it and de facto ownership of it. In most cases collecting data that the actual owner of the device is unable to see or utilize themselves.
Every week there's a story here on HN that makes me mourn the demise of the Nokia N900. Still the best smartphone ever made by a massive margin.
I hope both those things are made obsolete by stories of smartphones that work well and are vastly more trustworthy than Google and Apple. The longer it takes, the harder it gets. Whatsapp/Signal ports are now hard requirements for much of the population. :S
In addition to size of the data transmission being a poor measure of privacy implications (XML versus JSON anyone?), this paragraph is nonsense: "The University of Dublin professor says that this expansive data collection raises at least two major concerns. First, that the telemetry can be used to link physical devices to personal details, data that both companies are most likely exploiting for advertising purposes."
Apple doesn't have an advertising business, nor does it share that information with advertisers.
"Several pre-installed system apps make regular network connections that share device identifiers and details
...
The Clock app connects to Google Analytics ssl.
google-analytics.com/batch."
Really, the clock app calls analytics on a regular basis. That is just ridiculous.
What are the best alternatives to iOS and Android? Is it reasonable to consider the hardware itself "safe", given that the software tracks and calls home about every single thing it does? What are the alternatives?
As mentioned in sibling comment, there are no alternative, but I use microG, which is an open source Google Play Services (the core vehicle of most of this fuckery) shim that allows you to use apps that require Google Play Services (like Uber or Tinder or whatever) without actually having to install any binary blobs from Google. The future is so stupid.
There's /e/ OS for one. Debatable how far you get from the Google ecosystem, since it's an AOSP fork, but I think it's a fine middle ground of functionality and practical privacy.
The hardware itself is insecure in 99% of modern phones because the modem has its own tiny CPU with access to the main CPU and memory. I have no evidence that anyone does use this to collect your data, but somebody totally could. Desktop processors have something similar called the Intel Management Engine or AMD Ryzen has the PSP
> Note that if you clear your cache, you will lose your opt-out setting.” Tap OK to continue and implement the change.
Which cache is that talking about, the browser, or some system level thing? Doesn't clearing your cache break some of their fingerprinting and tracking stuff (timing side channels, etc.)? Seems kind of egregious to have clearing that simultaneously opt you back in.
PSA: This does NOT stop Google tracking your smartphones location. If you think taking these steps means Google's blissfully unaware of where your smartphone is located is denying themselves reality, there are many, many ways to track where a handset is at any given moment (IP address, cellular tower location, with 5G it can be even more precise).
I'd be shocked if after turning off all the settings on my phone it was impossible to track its location via some capability somewhere.
Last week my Pixel started to display an overlay with closed captions of the audio flowing through the device.
It listens in on any audio and transcribes it. Probably handy for podcasts, but other things are just scary.
Maybe it's OK if Google does it, I don't really know. I dislike it, it concerns me. The device would have a transcription of audio conversations I have through apps like WhatsApp. Or it could do something useful like transcribe podcasts and hand the transcription over to the owners, so that they can publish it along with their podcasts, without Google needing to dedicate their servers to it.
But if companies like Xiaomi get this feature for free on Android 15 or 16, I know what they will use this tech for. I know what Facebook would use this tech for, and I wouldn't be surprised if they finally start to sell a cheap but powerful Android device.
With offline transcription the "your device is recording me" will get so much harder to detect, as no audio will get streamed. It will become so easy to listen for keywords like "lawnmower" and count their occurrences or their proximity to phrases like "need to buy", or "is pregnant" and stuff like that.
When you enabled the Live Caption (similarly to how folks told you to disable it --- on my phone it was turned off by default) the following informational screen should have been displayed:
"Live Caption detects speech on your device and automatically generates captions.
When speech is captioned, this feature uses additional battery. All audio and captions are processed locally and never leave the device. Currently available in English only."
So note that Google does not get a copy of the audio stream. It stays local to your device only. I don't know about you, but seems like a really handy feature to me, especially for those who might have hearing difficulties.
The live transcription behavior is enabled by a button at the bottom of the volume control toggle. If it transcribes even if that button is off that seems a lot more concerning.
I don't think transcribing on device and then uploading would make any sense: for something like podcasts they could just do serverside transcription (they already do for youtube videos at least).
I'm waiting for a traffic analysis to turn up that Google gathers location, wifi APs and cell towers even when all possible consent is revoked. Because, with Google's greed, no way I'm believing that they would give that up, and I'm not turning the location service on.
Reminder that Google literally provides a location database for US cops, who are getting bulk data on people simply being in some place at some time and doing nothing wrong: https://www.nytimes.com/2019/04/13/technology/google-sensorv... Meanwhile other countries want to make Google store that data on their territory when it's about their citizens.
“The University of Dublin professor says that this expansive data collection raises at least two major concerns. First, that the telemetry can be used to link physical devices to personal details, data that both companies are most likely exploiting for advertising purposes.
Second, that the telemetry collection process allows the OS makers to track users’ location based on the IP address that connects and uploads device telemetry to their servers.
The researcher said that currently, there are very few, if any, realistic options for users to prevent telemetry collection from their devices.”
This is not what I signed up for, makes me want to leave my smartphone at home or in a faraday cage powered off so I’m not being triangulated by cell towers or these ubiquitous telemetry logs.
One thing I noticed is that Google does not collect location and nearby MACs by default and Apple does. That's a pretty serious difference IMO. And one I didn't expect.
Some skips the device's own MAC but they already know that anyway as they manufactured it.
"Google and Apple both collect a lot more telemetry from devices with Android/iOS respectively devices then they should be; with Google outdoing Apple."
You can turn "location" off on Android just as you can turn "third party cookies" off on the Chrome browser. Google counts on 95% of users not doing that. Neither of these are perfect solutions but they do help a lot for minimal effort.
There is no point defending Apple or Google. Both of them probably collect data. Personally I'd be more comfortable with Apple collecting my data as they don't have an Advertisement based model. They've less incentives to use our data, whereas Google's business is based around that very idea! Apple advocates privacy and has made many features available as part of the IOS to enable very granular level control.
Both Google and Apple forbid health agencies around the world wanting to install apps to store similar data for the purposes of pandemic data and suppression - which is understandable that many governments would use it for all sorts of nefarious reasons, but it's also rather hypocritical that they can infer that 'we can use it for whatever because quality. And advertising'.
I've switch off every possible toggle on Apple TVs, iPhones MacBooks and all the devices still ping back to Apple HQ with time.apple.com, time-osx.g.aaplimg.com, metrics.icloud.com..... so I take this with a grain of salt. I've logged all DNS - using nextdns - and the number of requests back to HQ is more that it should be.
Approaching this constructively - is it possible that this data is used for verification purposes? E.g. iOS will alert your iCloud account if it detects a new IMEI/phone number?
The claim of “20x more data” is a bit suspect as well. 20x the byte-level amount of data? Yes, the math checks out. 20x the data points? Likely not.
Well I have a different personal email account and a different google phone account.
There used to be more android mail apps that allow logging in directly without using the phone’s credentials but its getting more and more rare.
Any Android mail apps suggestionsthat use web login than android are welcome
Google makes money by collecting data (and lately, cloud services), Apple makes money by selling hardware and putting huge margin on it. (And lately, cloud services.)
So it's all not surprising, really? Different business models lead to different outcomes.
I'd be interested to learn more. E.g, to what extent is the data anonymized?
I also want to know what the data is used for and how long it is stored for, but I suppose those are very tough questions for an external researcher to test.
It's all the little needling ways that get to me. For example, Google Maps works fine with GPS. However, if you drag the map view so it isn't centered on you and tap the "center" button, you get a pop-up begging you to let Google scan for access points even when your wifi is turned off. Hit no and hit the center button again and it works normally.
Fucking why, Google? It's irrelevant to the function I'm trying to use. Not only that but you already have my answer, which is no. Maybe I don't want to be your personal 24/7 wardriver. Maybe I don't want you running my battery down for no reason. Maybe I'm somewhere I'm not allowed to emit 2.4GHz signals and your scanning could get me in trouble with my job or even the law.
Data collection is what companies do when they have no empathy. It's like an ivory tower effect where you don't interact with customers day to day or don't know what they want, so you try to use data to fill in the (large) gap. I could come up with countless examples of amazing products where nobody was using data to justify their decisions.
You'd have to ask Apple, but I'd imagine they would say they use it to improve location services. Access point / MAC address data is really useful in aggregate as a way of augmenting GPS, especially indoors. And of course it's also a great way of seeing who associates with each other, but that's at least somewhat mitigated by most devices broadcasting random MAC addresses until they actually join a network.
It's a long often too verbose read by "The Age of Surveillance Capitalism" is unforgiving in its detailing of the past, and relentless in its fear of what the future likely holds.
Most people seem to say "oh I know they're collecting data." Unfortunately they don't - likely can't - grasp the depth and breadth. And the motive? Most will never make it that far.
The Age of Surveillance Capitalism rips off the bandaid, one greepy greedy power move at a time.
For example, the phones send tons of data to Google when first booted. But there is no data on the phone at that point! Then maybe this is not data gathering just bad software??
There IS a lot of data even at the very first boot: unique device ID, IP address, MAC address, location, SSID, etc. It can be used to track you later on.
Most of the info Apple sends shouldn't be considered telemetry though.
The hardware info is used to make sure that blacklisted/stolen devices are rendered inoperable.
The other requests are simply due to used apps...it seems the researcher is unclear about many aspects of iOS. i.e. typing a url into Safari kicks off to find links, apps, etc. that will be the logical next step for a "search"
He also doesn't understand the difference between Siri the voice assistant and Siri the platform.
tldr; Google vacuums everything it can...Apple is the exact opposite.
This is precisely why I always choose to use the mobile version of a site/app rather than the app if it's available.
Safari has great adblocking. Also, the mobile version of a site is typically a superior UX compared to apps because the controls are consistent. It's usually faster, and best of all, it's MUCH easier to block all of the tracking.
I went to visit an apartment to rent with a friend. While waiting for the owner my friend was reading the names on the mailbox, and read the "x" out loud said "this person is probably Romanian". I when I was home I had notification if I knew this "x" person. All this time my phone was in my pocket. It is just creepy and I'm going to change my pixel 2 as soon as I can for an Iphone.
I mean at this point it's obvious if you're using a digital device data is going to be collected, that's part of society and living in the 21st century; could be your toothbrush, fridge, washing machine, car...All these devices generate data that is going to be collected.
It's also changing how crime is investigated; Google can be asked for a list of smartphones in an area at a given time, can be used to collect evidence or information (were you in this building on this floor at this time?). Carrying a smartphone can implicate you (or not) and you can be photographed by anyone at any moment regardless of your "rights".
I think people need to understand you are responsible for what you do on a computer; your clicks, searches, taps, installed app list, and basically everything is being recorded regardless of consent (which appears to be an illusion these days).
This is neither shocking nor unexpected. Humans generate data, data is going to be collected and used.
That's not going to change any time soon. Some thought Google would introduce a similar privacy feature to Apple's tracking consent but I lol'd at anyone who believed that.
>I think people need to understand you are responsible for what you do on a computer; your clicks, searches, taps, installed app list, and basically everything is being recorded regardless of consent (which appears to be an illusion these days).
While I agree with this in principle, I've never really understood why we forgive poor user behaviour when it comes to computers when we don't do the same with basically any other tool humans regularly use, despite the negative consequences being comparable, I don't think it's reasonable to expect people to just quietly accept 'tracking's just the way it is, deal with it.'
That doesn't come down to poor user behaviour in that case, it comes down to malicious behaviour by device manufacturers and software developers in the name of profit.
It's all well and good to expect users to take steps to deal with that behaviour, but it shouldn't just be accepted that, 'that's just the way it is.' And companies should be held accountable for at least the deceit that surrounds it.
Just being honest and open about it all would be a start. At least then you could make the excuse 'oh well the user should have tried harder to not be tracked.' Because they have a fair chance of knowing where and how they're being tracked.
This current system of deceit and bullshit is the problem.
The point of the comparison made in the headline here is exactly that one does not need to expect the worse from everyone and therefore stop caring and complaining.
Some comments were deferred for faster rendering.
ocdtrekkie|4 years ago
This is a beautiful quote because it is an example of one industry's bad behavior leading to another industry's bad behavior, upon which the first industry then users the second's similarity to justify themselves. Cars only started doing this because phones made it normal. It's wrong in both cases.
It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
rdw|4 years ago
A sibling comment notes that Steam charged 30% at the time (though some had better deals) but it's worth noting that Steam was not an open platform that anyone could publish on. Much like for consoles, to put a game on Steam you had to have a preexisting relationship with Valve, or try to develop one with no certainty of success. This was also considered a very generous cut because getting on Steam was almost a guarantee of financial success.
AlexandrB|4 years ago
userbinator|4 years ago
That said, I do have an Android, but it is rooted and spends most of its time off. As I type this message, it is on the other side of the room.
tchalla|4 years ago
Apple established a standard for the Apple app store. There was a lot of complaint about "Apple Tax" and Apple merely pointed out that it wasn't a "Apple Tax". Sure, Apple started it but others which are not even connected to the Apple ecosystem simply followed. They could have not decided to but they did (Re:Table 1) [0]. Microsoft, Samsung, Google and Amazon all have the same 30% tax. Heck, even commission rates for Xbox, Playstation, Nintendo have the same rate (Re : Table 2). I am sure Apple is not forcing them to have those rates.
Somehow, this conversation turns into an "Apple" vs rest conversation. There's no conversation had upon the charges on a digital distribution store. I'd say - let's have that conversation and come up with a number. Currently, the number is decided in a "free market". I would be open to come up to an alternate number. Most arguments against the 30% is that it is too high. Well, every penny that goes out from the developer's pocket is too high. The cost of an iPhone might be too high. Something, being too high is not an argument to not have that rate.
[0] https://www.analysisgroup.com/globalassets/insights/publishi...
gumby|4 years ago
I thought Apple chose that figure as game developers were already used to it from consoles and Steam.
2OEH8eoCRo0|4 years ago
They send only a list of functions on the stack without any of the arguments or data.
Example: https://retrace.fedoraproject.org/faf/problems/bthash/?bth=3...
Where Google goes too far is sending everything in the name of security or better yet to "serve" the user.
wmichelin|4 years ago
beforeolives|4 years ago
As a comparison, I don't know if much of Google's data ever leaves Google.
TYPE_FASTER|4 years ago
grishka|4 years ago
I'm still terrified by the fact that some cars now apparently have network interfaces for some reason.
hnburnsy|4 years ago
Cities frequently do this when they want to raise fees or taxes, 'Hey look at City B and City C, our fees are still lower even with this unneeded and uncalled for increase'
dralley|4 years ago
I don't know that this is true, planes have been doing it for quite some time now, although obviously they existing in a totally different bracket of price and complexity.
ogre_codes|4 years ago
This doesn’t make it more defensible, but they didn’t create it.
Spooky23|4 years ago
Apple took the existing model and automated it. They didn’t invent it, it’s been around since RCA/Victor. Retail takes bigger cuts (Walmart used to get 60% from AV vendors). Enterprise software resellers and distributors take a similar share to Apple, and do other shenanigans as a financing mechanism. When you hear about “shipments” that’s what that means.
boring_twenties|4 years ago
In a similar vein, can the radios be physically removed from any newer cars without the car complaining about it?
charcircuit|4 years ago
m463|4 years ago
beastman82|4 years ago
joshspankit|4 years ago
And, as with most things, there’s an XKCD for that: https://xkcd.com/978/
wunderflix|4 years ago
swiley|4 years ago
My car doesn't and I absolutely would never buy one that does even if that meant walking/taking the bus.
teraflop|4 years ago
For instance, I would consider it a much bigger privacy violation for my phone to transmit my exact location every hour than my current CPU usage every 10 seconds.
kllrnohj|4 years ago
kuratkull|4 years ago
swiley|4 years ago
mankyd|4 years ago
I am actually a little surprised that iOS would gather this information. What use would it serve?
ocdtrekkie|4 years ago
Generally speaking, Apple is drastically better about location services privacy. For instance, Apple Maps does not tie any location data nor direction requests to your Apple ID, and regularly rotates identifiers for devices used by the service: https://support.apple.com/en-us/HT212039
onedognight|4 years ago
livre|4 years ago
Does this matter? How many people do you know that aren't logged in on their phones? It is literally one the first things Android asks you to do even before showing you the main screen.
jayd16|4 years ago
the_dune_13|4 years ago
titzer|4 years ago
This may be only technically true. It's not Android, it's Google Play Services, which collects "anonymized", high-accuracy[1] location data constantly.
[1] Yeah, that's actually a contradiction-in-terms. There is no such thing as anonymized, high-accuracy location data.
shuckles|4 years ago
simonh|4 years ago
twobitshifter|4 years ago
grifball|4 years ago
Idk which device is worse, but this article title is a bit misleading. Why not just quote the paper directly?
1vuio0pswjnm7|4 years ago
Of course, Google's service is to advertisers, first and foremost. Users generally do not pay for what they receive from Google. Perhaps Google's paying customers, advertisers, are the ones seeing the improvement in the quality of service as a direct or indirect result of telemetry.
ProfessorLayton|4 years ago
Separately, I'm also a google customer as I run an Ad campaign for a small business (skilled labor), and the dollars spent on search ads are extremely efficient with an incredible ROI. Even with CACs in the 10s of dollars, with the size of the contracts being signed it typically costs much less than .5% of the total.
darkwizard42|4 years ago
Google Maps getting more precise telemetry data is actually so useful in improving the navigation experience in tricky intersections, overlapping roads, or low bandwidth areas where GPS signal and service can be spotty. I can speak from experience that friends with Android phones experience less jumpiness in their GPS location, less errors in navigation, and less of that pesky "You've Arrived" notification triggering when still far away from the destination.
swiley|4 years ago
[1] Pretty much anything from Mozilla or Google, Reddit, lots of others.
wruza|4 years ago
jeffbee|4 years ago
Another big thing about Android is anti-abuse, keeping people from running ad click fraud in apps running on emulators. That is the whole DroidGuard thing that the paper mentions and doesn't explore further. It is a device-specific virtual machine and bytecode for the virtual machine which is intended to authenticate it as a real device, not an emulator.
Anyway check out this slide deck for how Google SRE views mobile as being in their world: https://www.usenix.org/sites/default/files/conference/protec...
PS that team is called MISRE, pronounced "misery" and some of the founders of that team migrated from "SAD SRE" make of that what you will.
ocdtrekkie|4 years ago
This quote should be more than enough to justify legally separating Google from ownership of both platforms. It is a similar problem we're seeing Tesla now extend to it's cars. Regardless of who legally owns the device, the company's employees feel entitled to data from it and de facto ownership of it. In most cases collecting data that the actual owner of the device is unable to see or utilize themselves.
Google234|4 years ago
harry8|4 years ago
I hope both those things are made obsolete by stories of smartphones that work well and are vastly more trustworthy than Google and Apple. The longer it takes, the harder it gets. Whatsapp/Signal ports are now hard requirements for much of the population. :S
fsflover|4 years ago
papaf|4 years ago
swiley|4 years ago
dltj|4 years ago
Apple doesn't have an advertising business, nor does it share that information with advertisers.
Rebelgecko|4 years ago
In addition to https://searchads.apple.com there's ads in the stock and news apps.
unknown|4 years ago
[deleted]
hnburnsy|4 years ago
"Several pre-installed system apps make regular network connections that share device identifiers and details ... The Clock app connects to Google Analytics ssl. google-analytics.com/batch."
Really, the clock app calls analytics on a regular basis. That is just ridiculous.
[0]-https://www.scss.tcd.ie/doug.leith/apple_google.pdf
davidkellis|4 years ago
metalliqaz|4 years ago
If you're serious enough to use impractical solutions, you probably want a non-google Android distro: https://en.wikipedia.org/wiki/List_of_custom_Android_distrib...
fapjacks|4 years ago
npteljes|4 years ago
FearlessNebula|4 years ago
niutech|4 years ago
fsflover|4 years ago
swebs|4 years ago
relax88|4 years ago
Any day now...
laurensr|4 years ago
judge2020|4 years ago
metalliqaz|4 years ago
https://www.androidpolice.com/2019/10/08/how-to-fully-disabl...
How to disable personalized ads on Android:
https://www.androidguys.com/tips-tools/how-to-disable-person...
cma|4 years ago
Which cache is that talking about, the browser, or some system level thing? Doesn't clearing your cache break some of their fingerprinting and tracking stuff (timing side channels, etc.)? Seems kind of egregious to have clearing that simultaneously opt you back in.
aboringusername|4 years ago
I'd be shocked if after turning off all the settings on my phone it was impossible to track its location via some capability somewhere.
qwertox|4 years ago
It listens in on any audio and transcribes it. Probably handy for podcasts, but other things are just scary.
Maybe it's OK if Google does it, I don't really know. I dislike it, it concerns me. The device would have a transcription of audio conversations I have through apps like WhatsApp. Or it could do something useful like transcribe podcasts and hand the transcription over to the owners, so that they can publish it along with their podcasts, without Google needing to dedicate their servers to it.
But if companies like Xiaomi get this feature for free on Android 15 or 16, I know what they will use this tech for. I know what Facebook would use this tech for, and I wouldn't be surprised if they finally start to sell a cheap but powerful Android device.
With offline transcription the "your device is recording me" will get so much harder to detect, as no audio will get streamed. It will become so easy to listen for keywords like "lawnmower" and count their occurrences or their proximity to phrases like "need to buy", or "is pregnant" and stuff like that.
I don't want my devices to do this.
tytso|4 years ago
"Live Caption detects speech on your device and automatically generates captions.
When speech is captioned, this feature uses additional battery. All audio and captions are processed locally and never leave the device. Currently available in English only."
So note that Google does not get a copy of the audio stream. It stays local to your device only. I don't know about you, but seems like a really handy feature to me, especially for those who might have hearing difficulties.
esrauch|4 years ago
I don't think transcribing on device and then uploading would make any sense: for something like podcasts they could just do serverside transcription (they already do for youtube videos at least).
aasasd|4 years ago
Reminder that Google literally provides a location database for US cops, who are getting bulk data on people simply being in some place at some time and doing nothing wrong: https://www.nytimes.com/2019/04/13/technology/google-sensorv... Meanwhile other countries want to make Google store that data on their territory when it's about their citizens.
sizzle|4 years ago
Second, that the telemetry collection process allows the OS makers to track users’ location based on the IP address that connects and uploads device telemetry to their servers.
The researcher said that currently, there are very few, if any, realistic options for users to prevent telemetry collection from their devices.”
This is not what I signed up for, makes me want to leave my smartphone at home or in a faraday cage powered off so I’m not being triangulated by cell towers or these ubiquitous telemetry logs.
GekkePrutser|4 years ago
Some skips the device's own MAC but they already know that anyway as they manufactured it.
GekkePrutser|4 years ago
einpoklum|4 years ago
There, fixed that title for you.
sunstone|4 years ago
EDIT And this just in, more third party cookies:
jp0d|4 years ago
jariel|4 years ago
dav43|4 years ago
I've switch off every possible toggle on Apple TVs, iPhones MacBooks and all the devices still ping back to Apple HQ with time.apple.com, time-osx.g.aaplimg.com, metrics.icloud.com..... so I take this with a grain of salt. I've logged all DNS - using nextdns - and the number of requests back to HQ is more that it should be.
boston_clone|4 years ago
The claim of “20x more data” is a bit suspect as well. 20x the byte-level amount of data? Yes, the math checks out. 20x the data points? Likely not.
antman|4 years ago
shp0ngle|4 years ago
So it's all not surprising, really? Different business models lead to different outcomes.
jmull|4 years ago
I also want to know what the data is used for and how long it is stored for, but I suppose those are very tough questions for an external researcher to test.
Causality1|4 years ago
Fucking why, Google? It's irrelevant to the function I'm trying to use. Not only that but you already have my answer, which is no. Maybe I don't want to be your personal 24/7 wardriver. Maybe I don't want you running my battery down for no reason. Maybe I'm somewhere I'm not allowed to emit 2.4GHz signals and your scanning could get me in trouble with my job or even the law.
JacobSuperslav|4 years ago
danielrhodes|4 years ago
ConceptJunkie|4 years ago
estomagordo|4 years ago
sloshnmosh|4 years ago
dvhh|4 years ago
omar_kha|4 years ago
xtat|4 years ago
noelniles|4 years ago
mmacvicarprett|4 years ago
When the user gives consent for PII like IMEI, location, networks mac addresses?
I wonder if both companies might be breaching the Children's Online Privacy Protection Rule ("COPPA").
TechBro8615|4 years ago
troysk|4 years ago
chiefalchemist|4 years ago
Most people seem to say "oh I know they're collecting data." Unfortunately they don't - likely can't - grasp the depth and breadth. And the motive? Most will never make it that far.
The Age of Surveillance Capitalism rips off the bandaid, one greepy greedy power move at a time.
https://www.wnycstudios.org/podcasts/otm/segments/living-und...
zibzab|4 years ago
For example, the phones send tons of data to Google when first booted. But there is no data on the phone at that point! Then maybe this is not data gathering just bad software??
niutech|4 years ago
nixass|4 years ago
hindsightbias|4 years ago
It’s always interesting how Android is given the benefit of the doubt on intent and that never happens with iOS.
bilal4hmed|4 years ago
PieUser|4 years ago
bronlund|4 years ago
[deleted]
yuhong|4 years ago
williesleg|4 years ago
[deleted]
dalu|4 years ago
noelniles|4 years ago
[deleted]
nojito|4 years ago
The hardware info is used to make sure that blacklisted/stolen devices are rendered inoperable.
The other requests are simply due to used apps...it seems the researcher is unclear about many aspects of iOS. i.e. typing a url into Safari kicks off to find links, apps, etc. that will be the logical next step for a "search"
He also doesn't understand the difference between Siri the voice assistant and Siri the platform.
tldr; Google vacuums everything it can...Apple is the exact opposite.
ed25519FUUU|4 years ago
Safari has great adblocking. Also, the mobile version of a site is typically a superior UX compared to apps because the controls are consistent. It's usually faster, and best of all, it's MUCH easier to block all of the tracking.
mustaflex|4 years ago
aboringusername|4 years ago
It's also changing how crime is investigated; Google can be asked for a list of smartphones in an area at a given time, can be used to collect evidence or information (were you in this building on this floor at this time?). Carrying a smartphone can implicate you (or not) and you can be photographed by anyone at any moment regardless of your "rights".
I think people need to understand you are responsible for what you do on a computer; your clicks, searches, taps, installed app list, and basically everything is being recorded regardless of consent (which appears to be an illusion these days).
This is neither shocking nor unexpected. Humans generate data, data is going to be collected and used.
That's not going to change any time soon. Some thought Google would introduce a similar privacy feature to Apple's tracking consent but I lol'd at anyone who believed that.
grawprog|4 years ago
While I agree with this in principle, I've never really understood why we forgive poor user behaviour when it comes to computers when we don't do the same with basically any other tool humans regularly use, despite the negative consequences being comparable, I don't think it's reasonable to expect people to just quietly accept 'tracking's just the way it is, deal with it.'
That doesn't come down to poor user behaviour in that case, it comes down to malicious behaviour by device manufacturers and software developers in the name of profit.
It's all well and good to expect users to take steps to deal with that behaviour, but it shouldn't just be accepted that, 'that's just the way it is.' And companies should be held accountable for at least the deceit that surrounds it.
Just being honest and open about it all would be a start. At least then you could make the excuse 'oh well the user should have tried harder to not be tracked.' Because they have a fair chance of knowing where and how they're being tracked.
This current system of deceit and bullshit is the problem.
IAmEveryone|4 years ago